LinkedIn Passwords Leak; Fake Emails; Mobile Calendar

Yesterday, reports suggested that around 6.5 million hashed and encrypted user account passwords of the professional networking site LinkedIn had been posted on a Russian hacker website, and that around 300,000 passwords had been decrypted at that time. While LinkedIn was unable to confirm the leak for a few hours, it has now officially confirmed, after an internal investigation, that some of the passwords compromised in the leak correspond to LinkedIn accounts.

LinkedIn hasn’t revealed the extent of the damage caused by this leak, and LinkedIn India declined to comment on the number of passwords compromised from India. According to the latest figures, LinkedIn has 161 million members globally and it recently surpassed 15 million members in India, its second largest market outside the US.

Following the leak, a few third-party sites such as LeakedIn have been set up to check whether a user’s password has been compromised. However, we’re not sure if one can trust another site with passwords, so we’d not recommend sharing password details. There’s also a list (TPB link for a torrent) containing the leaked password info in SHA-1 format (hat-tip: @angadc).

Apologizing to its users on its official blog, LinkedIn stated that it is continuing to investigate the situation and noted the various steps being pursued by the company for compromised accounts. These steps include:

  1. Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
  2. These members will receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once the user follows this step and requests password assistance, they will receive an email from LinkedIn with a password reset link.
  3. These affected members will also receive a second email from the LinkedIn Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.

LinkedIn also noted that it has now put in place an enhanced security measure which includes hashing and salting of its current password databases, so affected members who have changed their passwords, and members whose passwords were not compromised, would benefit from these new measures. We wonder why the company hadn’t put these measures in place prior to the leak.
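What salting changes, shown as an added example (this is not LinkedIn's code and not part of the original report): with bare SHA-1, the format of the leaked list, accounts that share a password share a stored value, while a per-user salt fed into a slow hash gives each account a different one. PBKDF2-HMAC-SHA256, the iteration count, and the account names and passwords are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def unsalted_sha1(password):
    """Weak scheme for comparison: bare SHA-1, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_salted(password, salt=None):
    """Per-user random salt plus a deliberately slow hash (PBKDF2)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_salted(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_salted(password, salt)
    return hmac.compare_digest(digest, expected)


def accounts_sharing_a_value(stored):
    """Group accounts by stored value; any group >1 exposes a shared password."""
    groups = {}
    for user, value in stored.items():
        groups.setdefault(value, []).append(user)
    return {v: users for v, users in groups.items() if len(users) > 1}


# Constructed sample accounts (not taken from the leak).
SAMPLE = {"alice": "linkedin123", "bob": "linkedin123", "carol": "S0me-other-pass"}


def demo():
    """Return (shared groups under bare SHA-1, shared groups under salted hashing)."""
    unsalted = {u: unsalted_sha1(p) for u, p in SAMPLE.items()}
    salted = {}
    for user, password in SAMPLE.items():
        salt, digest = hash_salted(password)
        salted[user] = salt.hex() + "$" + digest.hex()
    return len(accounts_sharing_a_value(unsalted)), len(accounts_sharing_a_value(salted))


if __name__ == "__main__":
    print(demo())
```

The salt is stored next to the digest and is not secret; its job is to force an attacker to attack each account separately instead of testing one guess against every record at once.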

Fake Emails? It seems that criminals are already using this information to send fake phishing emails asking users to change their LinkedIn passwords, in order to trick unsuspecting users into downloading malware and to drive traffic to scam sites including Viagra-selling websites, as noted by The New York Times.

LinkedIn Mobile Calendar: In April, LinkedIn had added an opt-in calendar syncing feature to its iOS and Android apps. However, researchers from Skycure Security had apparently observed that LinkedIn’s iOS apps collected calendar appointment information, including meeting title, organizer and attendees, location, time and meeting notes, and were transmitting it in plain text to LinkedIn’s servers without user permission.

LinkedIn responded by saying that it needs to send this information to its servers so as to match people with their LinkedIn Profiles as part of its calendar service, although it noted that it sent this information over SSL and never stored the user’s calendar information. The company also released updated versions of its mobile apps which will no longer send data from the meeting notes section of the user’s calendar event, and has added a new ‘learn more’ within the app to provide more information about how users' calendar data is being used. The Android app is currently available for download on the Google Play Store, while the iOS app is expected to be available on the iTunes App Store following Apple’s approval.

Related:

– Updated: Microsoft India’s Online Store Hacked; Reportedly Stored User Data In Plain Text

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
