Linkedin600It’s not a good day for LinkedIn. After reports that its iOS app potentially violates user privacy by sending detailed calendar entries to its servers, comes a report that 6.46 million encrypted LinkedIn passwords have leaked online.
A Russian forum user claims he has hacked LinkedIn, uploading 6,458,020 encrypted passwords (without usernames) as proof.
[More from Mashable: Viral ‘Privacy Notice’ on Facebook Is Fake]
The passwords are encrypted with the SHA-1 cryptographic hash function, used in SSL and TLS and generally considered to be relatively secure, but not foolproof.
While there’s a possibility that the password collection is not genuine, some reports on Twitter add credibility to the story. LinkedIn said on Twitter it’s looking into the issue.
[More from Mashable: It’s Facebook Election Week: How You Can Vote on Your Privacy]
Our team is currently looking into reports of stolen passwords. Stay tuned for more.
— LinkedIn (@LinkedIn) June 6, 2012
If you’re a LinkedIn user, we recommend you change your password right now.
Developing…
This story originally published on Mashable here.