Problems just don’t seem to end for LinkedIn. It was just a few days ago that the privacy concerns around LinkedIn’s iOS application came to light, but that wasn’t the end of LinkedIn’s troubles. As many as 6.5 million user passwords were compromised, according to CNet.
LinkedIn initially denied the report but later acknowledged the possible leak on its blog. Vicente Silveira, a director at LinkedIn, confirmed in a blog post: “We sincerely apologize for the inconvenience this has caused our members. We take the security of our members very seriously.”
LinkedIn has gone ahead and blocked the passwords of all the affected users and is sending them individual emails with instructions to reset their passwords. To avoid concerns of a phishing attack, LinkedIn has not included a link in these emails.
LinkedIn has a user base of more than 161 million users, of which 61% are from outside the United States. Besides LinkedIn, the dating site eHarmony also reported a breach with more than 6.5 million passwords being stolen.
Unfortunately for LinkedIn though, this was not the only trouble it had to go through in the last week.
Last week, researchers Yair Amit and Adi Sharabani from Tel Aviv University discovered a major privacy issue with LinkedIn’s iOS application. It seems the application, which allows users to view their iOS calendars within it, has been sending information back to LinkedIn’s servers.
The study suggests that information such as meeting title, organizer and attendees, location, time and meeting notes is sent back to LinkedIn. This could be a major worry if the meeting notes contain sensitive information that could be dangerous in the hands of competitors.
The researchers are still puzzled as to why LinkedIn is collecting this information and sending it to its servers, since it is not required for running the application.
According to the researchers, “In order to implement their acclaimed feature of synchronizing between the people you meet and their LinkedIn profile, all LinkedIn need is unique identifiers of the people you are going to meet with, not all the details of your planned meetings; details such as meeting schedule, location, title or notes, which tend to be sensitive in particular for organizations, are irrelevant for this task.”
While I was composing this article, much to my dismay even I received a mail from LinkedIn prompting me to change my password, thus putting me in panic mode. Below is an extract of the mail I received.
With things going from bad to worse for LinkedIn, it will be interesting to watch how the professional social network, with its 161 million patrons, manages to retain its users’ confidence.
The next few days will be a test for LinkedIn’s marketing & PR team while the technical team tries to fix the password and iOS mess.