You must have me confused with someone else.
> They lost hashed passwords which are not user credentials.
While you may be technically correct about credentials vs. hashed passwords, that distinction isn't relevant here. Losing hashed but unsalted passwords is still just as harmful.
Otherwise, articles like this one would not exist: http://mashable.com/2012/06/08/linkedin-stolen-passwords-lis...
Take a wild guess at what they are storing this time around.
These passwords were unsalted sha1, that's about as good as rot13. Linkedin has clearly proved completely unable to do things correctly, if that applies to passwords it applies to everything else.
edit: Here's a blog post about being able to brute force 33.1 billion MD5 hashes a second using GPU's: http://blog.zorinaq.com/?e=43
A closely related example would be of a web app I stumbled upon recently via an unexpected email I received in my LinkedIn inbox about a new educational platform that supposedly one of my contacts was recommending me to try. Curious and suspicious, I opened the link and clicked on 'connect with LinkedIn'. In small script, the app was requiring me to authorize it to send emails on my behalf, which is exactly the case of the original unsolicited message I had received: another unsuspecting user just glossed over the terms and connected their LinkedIn account to this app....resulting in all of their contacts being spammed with the message. The 'victim' was displeased to say the least when I warned them what their account was doing without their knowledge.
Had I not been careful about that and proceeded to authorize the app, I would've most likely been booted off at least a few people's contact lists for spamming them with such stuff irrelevant to their interests.
The contacts application also sends things like reminders for your contacts work anniversaries or when they change positions (something that you can't access in the LI API).
I sometimes think that I shouldn't be giving LI all of this information, but this is a typical case where the benefit received is greater than my privacy concerns.
Not to say that this isn't a bad idea though. It would have been an easier sell if you could do the IMAP proxying on the local device somehow.
This should be easy to run an background proxy under Android. Not sure if this is possible under iOS7 though.