LinkedIn Passwords Leaked by Hackers
The news comes at the heels of yesterday's discovery by security researchers of a privacy flaw in LinkedIn's mobile app. According to Skycure Security, the mobile app was automatically sending unencrypted calendar entries to LinkedIn servers without users' knowledge or consent. The information included meeting notes, which often contain personal information such as dialing numbers and passcodes for conference calls. Skycure reported that the names and email addresses of the meeting organizer and attendees were being collected even for those who did not have a LinkedIn account. This practice arguably violates Apple's privacy guidelines that prohibit apps from transmitting personal data without users' informed consent. In response, LinkedIn issued a statement that it would no longer send data from the meeting notes section of users' calendar, and that it would include a new "learn more" link to provide greater transparency in LinkedIn's data collection and use practices.
As a precautionary measure, security experts advise that all LinkedIn users immediately change their passwords.