The last 24 hours have been no piece of cake for the operator of the social network LinkedIn, which is similar to the German Xing. First, the iOS app was caught sending calendar event details, and shortly afterwards it became known that up to 6.5 million passwords had been leaked.


Privacy concerns in the iOS app

The problems in the iOS app were discovered by Skycure Security. The LinkedIn app allows access to local calendar information, which in itself is not a problem at first. The user must explicitly enable this access to the calendar (opt-in).

When activated, however, the app also transmits the calendar entries of the next five days in plain text to the servers of the social network, without first informing the user about it. The app thereby violates point 17.1 of Apple's Privacy Policy:

Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used

The problem is that meeting details often contain sensitive information such as phone numbers and PIN codes for conference calls. The following fields are transmitted: meeting title, organizer, participants, location, time and meeting notes. The organizer and participant data include the corresponding e-mail addresses.

The operators have now responded to the allegations and made some changes to the Android and iOS apps. The meeting notes are no longer transmitted. In addition, a link has been added that leads to more information on how the collected data is used.

In addition, Joff Redfern of LinkedIn wrote that all information is sent over SSL connections and that the calendar function will continue to be an opt-in feature that can be disabled at any time. The data is not stored on the servers of the social network and is only used to refer to relevant LinkedIn profiles.

6.5 million passwords leaked

As Sophos' Naked Security team, among others, reports, hackers have published around 6.5 million passwords from the social network. The passwords are protected with a SHA-1 hash but not encrypted, which makes "decrypting" them much easier.
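To illustrate why a bare SHA-1 digest offers little protection once a password table is published, the following added example (not code from LinkedIn or from the original article) stores the same constructed sample accounts once with plain SHA-1 and once with a per-user salt and a slow key-derivation function. PBKDF2-HMAC-SHA256, the iteration count and all function names are assumptions chosen for this illustration.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; tune it to your own hardware.
PBKDF2_ITERATIONS = 600_000

def weak_hash(password: str) -> str:
    """Bare SHA-1: fast and deterministic, so equal passwords share one digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def strong_hash(password: str, salt: bytes = b"") -> str:
    """Salted PBKDF2-HMAC-SHA256; the record stores everything needed to verify."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"

def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    scheme, iterations, salt_hex, dk_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

def reused_digests(records: dict) -> int:
    """Count accounts whose stored value also appears on another account."""
    values = list(records.values())
    return sum(1 for v in values if values.count(v) > 1)

if __name__ == "__main__":
    # Constructed sample accounts; two of them picked the same password.
    users = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "c0nf-call-PIN"}
    weak = {u: weak_hash(p) for u, p in users.items()}
    strong = {u: strong_hash(p) for u, p in users.items()}
    print("accounts sharing a stored value, bare SHA-1:", reused_digests(weak))
    print("accounts sharing a stored value, salted PBKDF2:", reused_digests(strong))
    print("login check still works:", verify("linkedin2012", strong["alice"]))
```

With bare SHA-1 every account that uses the same password ends up with the same stored value, so one successful guess applies to all of them; the salted records differ per account and each guess costs the full iteration count.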

LinkedIn has now confirmed the leak and invalidated the passwords of the affected accounts. These users were notified by e-mail. The company could not yet say how the hackers were able to get to the data.

