LinkedIn Password Hashes Leaked Online

jones_supa writes "A user in a Russian forum is claiming to have hacked LinkedIn to the tune of almost 6.5 million account details. The user uploaded 6,458,020 SHA-1 hashed passwords, but no usernames. Several people have said on Twitter that they found their real LinkedIn passwords as hashes on the list. The Verge spoke with Mikko Hyppönen, Chief Research Officer at F-Secure, who thinks this is a real collection. He told us he is 'guessing it's some sort of exploit on their web interface, but there's no way to know.' We will have to wait for LinkedIn to report back to be sure what exactly has happened." An anonymous reader tipped us to related news: The LinkedIn iOS application harvests information from your calendar and transmits it to their servers unencrypted.

Colour me surprised!

[rogueippacket]

If you install any app on your mobile device - especially those which thrive off of your data - don't be surprised if it's actually siphoning it off in the background. If groups like Facebook and LinkedIn simply wanted you to access the service remotely, they would just stick to HTML5. Instead, apps give them unfettered access to your contacts, calendar, location, and everything else on your personal device, regardless of platform.
Just remember, it has never been about convenience to the user, and always profitability to the provider.

Re:It's not an exploit, it's a feature!

[SternisheFan]

I applied for a job earlier this year, and the pool company rejected my 'text format' resume, insisting on a resume submitted via Linked In. The last thing I wanted to do was have to join some social network just to get a job. I lived 10 minutes away from the home.office of the job and offered to meet to interview and hand them a hard copy resume. No dice, it had to be done by this Linked In. Now, after reading this news, I know it was the right decision. This internet sure has gotten wacky.