LinkedIn: 6.5 million encrypted passwords leaked

From Digital Trends

more>>

How to stay anonymous online

Pretty soon, just about everything we do on the Web will be logged, analyzed, and used for things outside of our control. Here are some ways to help stop that.

Six tips to bombproof your password

How can we make our passwords more hack-resistant and manage all the passwords we need?

Facebook cuts off Social Roulette

True to its name, Social Roulette is a game of roulette in which you're gambling your digital life. After giving the app permissions, you then take a one-in-six chance of letting it delete your Facebook account.

7 bizarre Airbnb rentals that are almost too weird to believe

Weird accommodation options are part of Airbnb's charm, so we'd like to propose seven current listings that should be verified immediately.

Will a spotless inbox really supercharge your productivity?

Inbox Zero is the theory that an empty e-mail inbox is good for peace of mind and productivity. So is it?

Best iPhone 5 accessories

When it comes to iPhone 5 accessories, the options just keep on coming, and there are a lot of little extras that can really improve your experience.

Man arrested after selling his grandson on Facebook

Facebook is basically integrated into every part of our lives. You use it to catch up on friends' lives, meet people, find events, message people but it's also a place where people go to sell live human babies online.

Scan these smart pajamas to launch a bedtime story for the kids

Using the camera on a smartphone or tablet, a parent or child can scan one of forty-seven dot patterns printed on kids pajamas to launch a story.

There was no White House bombing; AP's Twitter hacked

If you're wondering why the Associated Press tweeted that there was an explosion at the White House, it's because its account was hacked.

Facebook Home reaches 500,000 downloads

Mobile analyst Ben Evans has noted a milestone of 500,000 Facebook Home downloads since the service launched on Google Play.

By Andrew Couts
Provided by

If you have a LinkedIn profile, go change your password right now: A reported 6.5 million hashed and otherwise encrypted LinkedIn passwords have leaked onto the Web. And yours could be one of them.

Unfortunately for the professional social network (and its users), the massive security breach isn't the only bad news. The LinkedIn iOS app has also come under fire for sending users' full meeting notes and calendar details to the company in the highly un-secure plain text format.

LinkedIn password leak

The massive password leak, first reported by Norwegian technology site Dagens IT and later confirmed by other cybersecurity experts, occurred two days ago, when someone posted the cache of encrypted passwords to a "Russian hacker website." The poster asked that other users help decrypt the passwords.The leak was confirmed by security expert Per Thorsheim, who spoke with Dagens IT, and warned users of the breach via Twitter.

In a tweet, LinkedIn indicated that it is "currently looking into reports of stolen passwords," and will update users shortly.

At the time of this writing, some 300,000 of the 6.5 million encrypted passwords have been cracked, meaning those users are now vulnerable to a variety of attacks. But that number is sure to rise as more hackers take a stab at the list.

LinkedIn currently has more than 150 million users, so it's not guaranteed that your account is compromised, though it would be prudent to assume as much. Furthermore, breaches like this often result in a wave of scam emails, posing as messages from LinkedIn about the breach, so be wary of any emails that appear to have come from the social network. It's best to simply log into the site directly by typing the address into your browser, and change your password from there.

iOS app privacy concerns

Before news of the password leak landed on LinkedIn's doorstep early this morning, The Next Web reported that the service's iOS app for iPhone and iPad sends a variety of information, including meeting notes and other details, to LinkedIn's servers in plain text format, an unsecure data transfer method. The information is only relayed if users have the calendar viewing feature enabled.

The potentially problematic practice of sending private data in plain text to LinkedIn's servers was uncovered by Israeli security researchers Yair Amit and Adi Sharabani of Skycure Security.

LinkedIn has since responded to The Next Web report, confirming the practice, though the company says that it does not "store any calendar information on its servers," nor does it "share or use your calendar data for purposes other than matching it with relevant LinkedIn profiles." The company also said that it "will no longer send data from the meeting notes section of your calendar event," given that this part of the practice seemed the most troublesome to users. Email addresses, names, meeting subject, and location will still be sent to LinkedIn.

In Case You Missed It:

- Facebook warns employers: don't ask for passwords
- Dutch airline wants you to use social sites to choose who you sit by
- Three reasons why ID theft increased in 2011 and how you can protect yourself
- All your contacts are belong to us: What apps are uploading your address book and why

This article was originally posted on Digital Trends