A Russian hacker has claimed to have uploaded 6.5 million LinkedIn passwords to the internet and is looking for help in cracking the passwords. LinkedIn, which has upwards of 150 million users, has not officially confirmed the attack, but has released official messages via their Twitter acknowledging their current investigation of the security breach.
UPDATE: LinkedIn has confirmed that the hack is legitimate.
Their most recent blog post states, “We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts: Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.”
There is speculation that the entire hack could be a fraud; however, a growing number of Twitter users report that they have found their passwords in the list. The Next Web reports that approximately 300,000 passwords have already been decrypted, and it is not known whether the corresponding usernames have been stolen as well.
If social media juggernaut LinkedIn is at fault for not securing their passwords as tightly as I do my candy drawer, then I’m truly interested in seeing how this story completely unfolds. I must admit my inner marketer is squealing with anticipation for the official LinkedIn publicist announcement.
As a precaution, all LinkedIn users should change their passwords. And, once again, everyone should be reminded never to use the same password across their online accounts. According to Google, “When you use the same password across the web, a cyber criminal can learn the password from a less secure site and then use that password to compromise your important accounts.” For Google’s complete guide to proper online password protocols, click here.
To make matters worse for LinkedIn, there are now reports that LinkedIn’s mobile apps are scraping users’ calendar items to use for the app, without user knowledge or agreement. Ars Technica reports that “Researchers have discovered that the app scrapes users’ Calendar items and sends the data back up to its servers, even when those Calendar items were created outside of the LinkedIn app.”
Though LinkedIn representatives state that the app does ask for permission to update the calendar, it does not explicitly mention uploading users’ data to the app itself. Noticing the displeasure among users, LinkedIn has promised to “no longer send data from the meeting notes section of your calendar event” and states “there will be a new ‘learn more’ link to provide more information about how your calendar data is being used.”
Does either of these instances make you question using LinkedIn in the future? Let us know your thoughts in the comment section below.
