News broke earlier that 6.5 million LinkedIn users’ account passwords have been leaked to a Russian security forum:
The user uploaded 6,458,020 hashed passwords, but no usernames. It’s not clear if they managed to download the usernames, but it’s likely that both have been downloaded.There is a possibility that this could be a hoax, but several people have said on Twitter that they found their real LinkedIn passwords as hashes on the list.
Now, there are reports that iPhone and Android users’ calendars are being uploaded to LinkedIn’s server:
The LinkedIn app manages to gain access to your Calendar items because it has a feature that allows you to view your calendar from within the app itself. According to security researchers Yair Amit and Adi Sharabani, the app then transmits this information to LinkedIn’s servers without any clear indication to the user that this is hapening—a throwback to the Path controversy that revealed the social networking app (among many others) had been transmitting users’ contact lists to a remote server without explicit user consent.
Hopefully iOS 6 will be shipping with some new permissions controls.