If security-cleared professionals needed another reason NOT to use LinkedIn as a job search tool, they got a good one today ? Mashable is reporting nearly 6.5 million encrypted LinkedIn passwords were leaked online. This should serve as a friendly reminder to always use different passwords for different sites, and if you use LinkedIn, change any other passwords that might be the same, today.
The 6,458,020 passwords were uploaded to a forum by a Russian user. Tweets by LinkedIn appear to confirm the hack, with @LinkedIn saying it was looking into the issue. The fact that the passwords were encrypted would seem to be a good security protocol, however Mashable reports that the system used enabled a hacker to crack the passwords “using very cheap resources in a relatively short amount of time.”
It’s not a good security day for LinkedIn. Other reports today revealed the LinkedIn app on both the iPhone and Android scrapes users’ calendar data and sends it back to LinkedIn’s servers. While the app asks users for permission to access the calendar, it doesn’t warn users that all of their data is being uploaded to LinkedIn’s servers. So you know that job interview you’d scheduled and included in your iPhone calendar? It’s not so secret ? at least to LinkedIn.
Keep in mind that the only social network designed for safe social recruiting is the Cleared Network. Don’t get caught putting the details of your security clearance online elsewhere, and straight into a forum based in Russia or China.