Professional networking website LinkedIn has run into a pair of thorny privacy issues, after reports emerged that millions of account credentials had been leaked, while researchers also accused its iPhone app of surreptitiously snaffling users' data.
According to Norwegian website Dagens, around 6.5 million encrypted LinkedIn passwords were recently posted to a Russian hacker site. Many of those hacked passwords have now been decrypted.
LinkedIn said in a Twitter posting that it was investigating the reports.
Our team is currently looking into reports of stolen passwords. Stay tuned for more. — LinkedIn News (@LinkedInNews) June 6, 2012
V3 also contacted the firm for any update but had received no information at the time of publication.
Meanwhile, a pair of researchers with Israeli firm Skycure revealed details of a data-sharing issue with LinkedIn's iOS app.
Yair Amit and his colleague Adi Sharabani found the app sent users' calendar information to the company's servers, without warning.
The problem affects users who enable the feature that allows them to view their iOS calendar within the app.
“The app doesn’t only send the participant lists of meetings; it also sends out the subject, location, time of meeting and more importantly personal meeting notes, which tend to contain highly sensitive information such as conference call details and passcodes,” the researchers wrote on a blog.
The researchers said they informed LinkedIn about the potential risk of obtaining user details without permission, but the issue had not yet been fixed.
The mobile app feature had been intended to provide a better calendar service for its users, LinkedIn's mobile product manager Joff Redfern wrote in a company blog.
“We do not store any calendar information on our servers,” he said. “We do not share or use your calendar data for purposes other than matching it with relevant LinkedIn profiles.”
LinkedIn has promised to update its app, removing the capability for calendar note information to be uploaded to its servers.