LinkedIn has confirmed that user passwords have been stolen, though, in his blog post director Vicente Silveira doesn’t say how many. LinkedIn will contact members whose passwords were hacked by email, telling them of the breach and suggesting a password reset. As for everyone else–they’ll “benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases,” Silveira wrote.
Updated 8:00 a.m. EST, June 7.
LinkedIn users were in for a security scare this morning when a Russian user claimed access to 6.5 million LinkedIn passwords which they published (without usernames) in an online forum. LinkedIn has acknowledged the finding, tweeting: “Our team is currently looking into reports of stolen passwords. Stay tuned for more.” LinkedIn is also fending off criticism on the privacy front after a New York Times report revealed that meeting notes (including locations, participants and times) were sent to LinkedIn servers from iOS phones when users enabled their Calendar Sync feature. In a blog post published this morning, LinkedIn said it would modify the feature so that calendar events were synced, leaving meeting details untouched. LinkedIn uses calendar data collected in its servers to match people up, but explained that the data is securely sent via SSL and that the calendar information itself isn’t revealed. Also, addressing the Times’ concern that this data was being transmitted without user’s knowledge, LinkedIn said it would add a more explicit description about what calendar information it accessed from smartphones.