• Categories

  • Archives

    « Home

    Digital Trends: LinkedIn: 6.5 million encrypted passwords leaked as iOS app comes under fire

    Digital Trends reports on substantial security problems at social-networking service LinkedIn concerning passwords as well as user data being sent to its servers without users’ knowledge. If you have a LinkedIn account, I urge you to change your password now. Digital Trends reports:

    If you have a LinkedIn profile, go change your password right now: A reported 6.5 million hashed and otherwise encrypted LinkedIn passwords have leaked onto the Web. And yours could be one of them.

    Unfortunately for the professional social network (and its users), the massive security breach isn’t the only bad news. The LinkedIn iOS app has also come under fire for sending users’ full meeting notes and calendar details to the company in the highly un-secure plain text format.

    The massive password leak, first reported by Norwegian technology site Dagens IT and later confirmed by other cybersecurity experts, occurred two days ago, when someone posted the cache of encrypted passwords to a “Russian hacker website.” The poster asked that other users help decrypt the passwords.The leak was confirmed by security expert Per Thorsheim, who spoke with Dagens IT, and warned users of the breach via Twitter. […]

    At approximately 8:30am PT, LinkedIn said on Twitter that its team “continues to investigate, but at this time, we’re still unable to confirm that any security breach has occurred.” For the most recent updates on the situation, follow the @LinkedInNews account on Twitter. […]

    Before news of the password leak landed on LinkedIn’s doorstep early this morning, The Next Web reported that the service’s iOS app for iPhone and iPad sends a variety of information, including meeting notes and other details, to LinkedIn’s servers in plain text format, an unsecure data transfer method. The information is only relayed if users have the calendar viewing feature enabled.

    The potentially problematic practice of sending private data in plain text to LinkedIn’s servers was uncovered by Israeli security researchers Yair Amit and Adi Sharabani of Skycure Security.

    Leave a Reply