LinkedIn is having one hell of a Wednesday.
First, the company faced scrutiny after it was learned that LinkedIn’s iOS application stores some calendar information in plain text on its servers. LinkedIn collects names, email addresses, and meeting notes from your calendar appointments. Of course, giving LinkedIn access to your calendar is completely optional, and you have to opt in before this information is sent to the social network, but the real issue here is how much information is captured.
LinkedIn wants access to your calendar so that it can easily show you profile information for the people you’re meeting with on your iPhone. This is where the names and email addresses for your meetings come in handy: it can match those entries with known LinkedIn users and link you through to their accounts.
The issue here is really with the meeting notes, which can sometimes contain confidential information that a company wouldn’t want out there for anyone to see. LinkedIn stores this information (and all other information) on its servers in plain text instead of in an encrypted format. This leaves the information exposed to anyone who manages to hack into LinkedIn’s servers. LinkedIn has since issued a response and will stop its application from accessing the meeting notes section, further noting that the information is not stored on its servers but is only used temporarily to match users to their accounts.
Making matters worse this morning, Dagens IT reports that over 6.5 million hashed and encrypted user passwords were posted to a Russian hacker site. The individuals who hacked LinkedIn posted the encrypted passwords online in a call for someone to help break the encryption. According to the report, the passwords are stored in such a way that they should be fairly easy to decipher. IntoMobile highly recommends that all LinkedIn users change their passwords in order to keep their passwords and accounts safe. LinkedIn is currently looking into the leaked password issue, but has not issued a response as of press time.
All in all, not a great start to Wednesday for LinkedIn. We’ll keep you updated as we learn more about the password breach from LinkedIn.
[via The Next Web (1), (2), (3), LinkedIn, Dagens IT]