LinkedIn confirms some users' passwords hacked

LinkedIn hasconfirmedthat some of its users' passwords have been compromised and said it is continung to investigate claimsthata member of a Russian online forum hacked the popular networking site and uploaded close to 6.5 million passwords to the internet.

In ablog postissued late Wednesday afternoon, LinkedIn said the passwords of users whose data had been compromised would no longer work, and they would be sent emails advising them how to change them. It would not say how many passwords had been leaked.

The passwords were allegedly uploaded encrypted and without usernames since the hacker's aimseems to have been to demonstrate that the LinkedIn site is not secure rather than to use the personal information of its users.

But according toThe Verge technology news website, which broke the news, the encryption usedis not foolproof, leaving open the possibility that thepasswords could be accessed by someone else.

The Verge reported that some LinkedIn users have foundhashedversions of their passwords on the uploaded list and recommended that all LinkedIn users change their passwords as a precaution.

The company itself included a reminder about best practices with regard to passwords in ablog postabout its investigation of the possible password leak.

"One of the best ways to protect your privacy and security online is to craft a strong password, to change it frequently (at least once a quarter or every few months) and to not use the same password on multiple sites," LinkedIn product manager Vicente Silveira wrote.

"Use this as an opportunity to review all of your account settings on LinkedIn and on other sites, too."

LinkedIn is a popular site where professionals post profiles in order to network with others in their field, look for jobsor as a way of advertising themselves to potential employers. As of November 2011, it had 131 million users and more than one million groups.

2nd security headache this week

The latest news comes just as the company isaddressing security concernsabout its mobile app for iPhones and Androidsmartphones, which syncs information in your phone calendar with LinkedIn profiles to provide details about people you are meeting at events listed in your calendar.

Earlier this week, it was reported that the app was collectingall of the details entered into the phone's calendar functions, including passcodes, emails, meeting notesor private phone numbers for teleconferences that were never intended to be shared,andtransmitting the information tothe company's servers. Concerns were raised that this might violate users' privacy.

The companyrespondedby saying the calendar sync function is an opt-in feature that users have to agree to and that the information is transmitted securely and never stored orshared. Nevertheless, it did alter the app and will now nolonger send data from the meeting notes section of calendar events to its servers during the syncing process.