Complex passwords will likely take some time to decrypt, but simple ones may be at risk. Sophos security expert Graham Cluley is advising LinkedIn users to change their passwords as soon as possible, at least as a precaution. If the report is true, then hackers are undoubtedly working hard to decrypt the hashed but unsalted passwords. The report of the leaked passwords comes hard on the heels of word from security researchers that LinkedIn's iOS app is collecting information from calendar entries -- including passwords -- and transmitting it back to the company's servers without users' knowledge.
A LinkedIn spokeswoman told CNET that the company does not use account password information for the calendar feature of its iOS and Android apps and that the initial report may have been referring instead to passcodes that are sometimes stored for dial-in meetings. But in response to concerns over this collection of data, LinkedIn yesterday tried to explain how and why it captures this information.
The company acknowledged that it picks up information from the Calendar app on your iOS device to try to sync any appointments listed with fellow LinkedIn users. The details sent to LinkedIn's server include the e-mail addresses of the people you meet with, the meeting subject, the location, and any meeting notes.
Sophos' analysis of the breached passwords uncovered another familiar malaise -- the longstanding tendency of users to have easily guessable passwords. Passwords found in the dump include 'linkedin', 'linkedinpassword', 'pw0rd' and 'redsox', the company said in a blog post. Other examples included 'sophos', 'mcafee' and 'symantec'. Though analysts have long advocated the use of strong passwords and passphrases for controlling access to critical applications and data, many companies and employees have continued to use weak or default passwords.
Often, the same password is used to control access to multiple accounts. Trustwave SpiderLabs recently analyzed over 2.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. His e-mail address is jvijayan computerworld. Jaikumar Vijayan is a freelance technology writer specializing in computer security and privacy topics.
Given the growing number of users that have found their password in the hashes, that's worrying news.
Our team continues to investigate, but at this time, we're still unable to confirm that any security breach has occurred. Stay tuned here. Update 3: Security researcher Steve Gibson has highlighted a website which will check if your password can be found on the list of stolen hashes. Bear in mind that if you have a common password, a positive result may not mean that your account has been compromised.
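An added example, not from the original article: a local version of the hash-list check described above, showing why a hit for a common password does not single out your account when hashes are unsalted, next to a salted, slow-hash alternative. SHA-1, the account names and the iteration count are assumptions, and the sample data is constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # illustrative work factor (assumption, not from the article)

def unsalted_digest(password):
    """Unsalted hash: the same password always yields the same digest.
    SHA-1 is an assumption; the article does not name the algorithm."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def found_in_dump(password, dump):
    """Hash the candidate locally and look it up, so the password never
    leaves the machine (unlike typing it into a third-party website)."""
    return unsalted_digest(password) in dump

def salted_record(password, salt=None):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key

def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, key = record
    return hmac.compare_digest(salted_record(password, salt)[1], key)

# Constructed sample: two users picked the same weak password.
ACCOUNTS = {"alice": "linkedin", "bob": "linkedin", "carol": "N7#qv-Lobster-41-tide"}

# A dump of unsalted digests carries no usernames, and identical passwords
# collapse into one entry: three accounts, only two distinct digests.
DUMP = {unsalted_digest(p) for p in ACCOUNTS.values()}

if __name__ == "__main__":
    print("distinct digests for 3 accounts:", len(DUMP))
    # A hit only says that someone used this password, not which account.
    print("'linkedin' in dump:", found_in_dump("linkedin", DUMP))
    # With per-user salts, the same password is stored differently per user.
    alice, bob = salted_record("linkedin"), salted_record("linkedin")
    print("salted records differ:", alice[1] != bob[1])
    print("alice still verifies:", verify_salted("linkedin", alice))
```
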