Hot on the heels of a recent security exploit regarding the latest LinkedIn iOS mobile app update, LinkedIn has confirmed that some of its users’ passwords were compromised.
It was reported that the latest LinkedIn iOS mobile app was sending users’ calendar data, including meeting notes, back to LinkedIn servers without any user acknowledgement.
Joff Redfern, Mobile Product Head at LinkedIn, said that this was an opt-in feature, dismissing claims that users are not asked for permission.
As a result of the above security breach, someone was able to compromise some user passwords, which were hashed.
This means they were stored in hashed form, not as plain text. Vicente Silveira, Director at LinkedIn, confirmed this, saying: “We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts”.
The company hasn’t yet confirmed how many users’ hashed passwords were leaked or whether the corresponding e-mail addresses were also leaked.
Vicente went on to stress that they have taken measures to improve security and that the investigation into the security breach is continuing.
LinkedIn has also indicated that not all users are likely to be affected by the security breach, and has set out what it is doing about the affected accounts:
• Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
• These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.
• These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.
Although it seems the breach affects only a limited number of LinkedIn users, and is possibly limited to those who have used the LinkedIn iOS mobile app, it is advisable to change your password nonetheless as a best practice.