LinkedIn passwords leaked by hackers

LinkedIn homepage The site had earlier issued a change to its mobile apps after a privacy flaw was uncovered

Related Stories

Social networking website LinkedIn has said some of its members' passwords have been "compromised" after reports that more than six million passwords had been leaked onto the internet.

Hackers posted a file containing encrypted passwords onto a Russian web forum.

They have invited the hacking community to help with decryption.

LinkedIn, which has more than 150 million users, said the leaked passwords would no longer be valid.

Members would receive an email with instructions on how to reset them, the company said. Users would then receive a second email with further details about why the change was necessary, it added.

Privacy concern

The news comes as LinkedIn was forced to update its mobile app after a privacy flaw was uncovered by security researchers.

What to do

Security experts have advised users to change their passwords on LinkedIn. Here's how:

  1. Visit www.linkedin.com, and log-in with your details
  2. Once logged-in, hover over your name in the top right-hand corner of the screen, and select 'Settings' from the menu
  3. You may be asked to log-in again at this point
  4. On the next screen, click the 'Account' button which is near the bottom of the page
  5. Under the 'Email & Password' heading, you will find a link to change your password

If you use the same password on other sites, be sure to change those too.

Skycure Security said the the mobile app was sending unencrypted calendar entries to LinkedIn servers without users' knowledge.

The information included meeting notes, which often contain information such as dialling numbers and passcodes for conference calls.

In response LinkedIn said it would "no longer send data from the meeting notes section of your calendar".

The company stressed that the calendar function was an opt-in feature.

However, the researchers who uncovered the flaw said the transmission of the data to LinkedIn's servers was done without a "clear indication from the app to the user".

In a statement posted on the company's blog, LinkedIn's mobile product head Joff Redfern said a new "learn more" link would be added to the app so users have a clearer picture about how their information is being used and transmitted.

More on This Story

Related Stories

More Technology stories

RSS

Features & Analysis

BBC Future

(Thinkstock)

Hidden tricks that make you click

How websites are experimenting on you Read more...

Programmes

  • Narrow boats on Regent's Canal, LondonThe Travel Show Watch

    Explore London’s industrial past on a narrowboat trip along the atmospheric Regent’s Canal

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.