wordpress blog stats
Connect with us

Hi, what are you looking for?

LinkedIn Passwords Leak; Fake Emails; Mobile Calendar

Yesterday, there were reports that suggested that around 6.5 million hashed and encrypted user account passwords of the professional networking site LinkedIn were posted on a Russian hacker website and around 300,000 passwords had been decrypted at that time. While LinkedIn was unable to confirm the leak for few hours, it has now officially confirmed that some of the passwords compromised in the leak correspond to LinkedIn accounts, after an internal investigation.

LinkedIn hasn’t revealed the extent of the damage caused due to this leak and LinkedIn India declined to comment on the number of passwords compromised from India. According to the latest figures, LinkedIn has 161 million members globally and it recently surpassed 15 million members in India, its second largest market outside the US.

Following the leak, a few third party sites such as LeakedIn have been set-up to check if a user’s password had been compromised. However, we’re not sure if one can trust another site with passwords, so we’d not recommend sharing password details. There’s also a list (TPB link for a torrent) containing the leaked password info in SHA-1 format (hat-tip– @angadc)

Apologizing to its users on its official blog, LinkedIn stated that it is continuing to investigate the situation and noted the various steps being pursued by the company for compromised accounts. These steps include:

  1. Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
  2. These members will receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once the user follow this step and request password assistance, then he will receive an email from LinkedIn with a password reset link.
  3. These affected members will also receive a second email from LinkedIn Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.

LinkedIn also noted that it has now put in place an enhanced security measure which includes hashing and salting of their current password databases, so the affected members who have changed their passwords or members whose passwords were not compromised would benefit from these new measures. We wonder why the company hadn’t put these measures prior to the leak.

Fake Emails? It seems like the criminals are already using this information to send fake and phishing emails to change their LinkedIn passwords, in order to trick unsuspecting users to download malware and drive traffic to scam sites including Viagra-selling websites, as noted by The New York Times.

LinkedIn Mobile Calendar: In April, LinkedIn had added an opt-in calendar syncing feature to its iOS and Android apps. However, researchers from Skycure Security had apparently observed that LinkedIn’s iOS apps collected calendar appointment information including meeting title, organizer and attendees, location, time and meeting notes and was transmitting it in plain text to LinkedIn’s servers without user permission.

LinkedIn responded to it by saying that it needs to send this information to their servers so as to match people with their LinkedIn Profiles as part of its calendar service, although it noted that it sent this information over SSL and never stored the user’s calendar information. The company also released updated versions of its mobile apps which will no longer send data from the meeting notes section of the user’s calendar event and has added a new ‘learn more’ within the app to provide more information about how their calendar data is being used. The Android app is currently available for download on the Google Play Store while the iOS app is expected to be available on the iTunes App Store following Apple’s approval.


– Updated: Microsoft India’s Online Store Hacked; Reportedly Stored User Data In Plain Text

You May Also Like


The Bihar government has instructed its police departments to begin investigating criticism of the government, parliamentarians, legislators, and government officials, NDTV reported. The move...


The Standing Parliamentary Committee on Information Technology, headed by Congress politician Shashi Tharoor, has called on representatives of Facebook, Twitter, and the Ministry of...


Senior journalist and news anchor Nidhi Razdan was all set to start teaching at Harvard University this year. But it turns out she appears...


The Polish government is planning to ban social media companies from blocking accounts. A draft law in the country will make it illegal for...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to Daily Newsletter

    © 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ