Professional networking website LinkedIn has run into a pair of thorny privacy issues, after reports emerged that millions of account credentials had been leaked, while researchers also accused its iPhone app of surreptitiously snaffling users' data.
According to Norwegian website Dagens, around 6.5 million encrypted LinkedIn passwords were recently posted to a Russian hacker site. Many of those hacked passwords have now been decrypted.
LinkedIn said in a Twitter posting that it was investigating the reports.
Our team is currently looking into reports of stolen passwords. Stay tuned for more. — LinkedIn News (@LinkedInNews) June 6, 2012
V3 also contacted the firm for any update but had received no information at the time of publication.
Meanwhile, a pair of researchers with Israeli firm Skycure revealed details of a data-sharing issue with LinkedIn's iOS app.
Yair Amit and his colleague Adi Sharabani found the app sent users' calendar information to the company's servers, without warning.
The problem affects users who enable the feature that allows them to view their iOS calendar within the app.
“The app doesn’t only send the participant lists of meetings; it also sends out the subject, location, time of meeting and more importantly personal meeting notes, which tend to contain highly sensitive information such as conference call details and passcodes,” the researchers wrote on a blog.
The researchers said they informed LinkedIn about the potential risk of obtaining user details without permission, but the issue had not yet been fixed.
The mobile app feature had been intended to provide a better calendar service for its users, LinkedIn's mobile product manager Joff Redfern wrote in a company blog.
“We do not store any calendar information on our servers,” he said. “We do not share or use your calendar data for purposes other than matching it with relevant LinkedIn profiles.”
LinkedIn has promised to update its app, removing the capability for calendar note information to be uploaded to its servers.