LinkedIn Battles Privacy Concerns And Security Breach Reports
Professional networking site LinkedIn had a lousy day yesterday. First, it was forced to address concerns about its mobile app, which was found to be pulling personal data from users who had opted to synch their calendars with the program. Then, in an unrelated development, reports poured in that 6.5 million encrypted LinkedIn passwords had been stolen and posted online for decryption.
TheNextWeb reports that security researchers reached out to them with the discovery that LinkedIn’s mobile app was not only synching with calendars (when users opted in), but pulling data from the calendar and the attached notes and sending it back, unencrypted, to LinkedIn servers.
In a blog post, LinkedIn claimed that some calendar data is necessary to offer the service of displaying the profiles of others attending a meeting or event with the user. But the company seemed to acknowledge some shortcomings, promising to offer more info on how the data is used, and promising to no longer pull data from notes attached to calendars. However, LinkedIn seemed to deny that the data was not secure.
As for the passwords, LinkedIn eventually confirmed that some user passwords had been hacked. The company then discontinued any passwords that had been compromised, and sent users instruction on how to reset them.