Troy Hunt, the Have I Been Pwned person, has a very informative analysis of the breach that was not a breach, turns out nothing actually "leaked" from Linkedin, it's a mix of scrapped and generated stuff
Technology
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
Yeah but that doesn't get the clicks!!!!11one!
It says it's scraped and not leaked
Well, fuck. This was the ONE social media site that I put my data on, and that was out of necessity (job hunting). I know it's not the same, but this sort of feels like the Equifax breach.
If it's any consolation, LinkedIn is notoriously terrible at this, so your data was probably out there as early as 2016 and almost certainly after 2021, when they managed to get hit with similar breaches twice in the same year.
And we share real background information, very specific details. This could lead them to our friends and colleagues!
But I'm not sure it can be called social media, though, but if you are looking for social media platforms that can avoids data leaks, and don't ask for your personal info when register, WireMin and Damus are both good choices.
Speaking of which, we should have a version of LinkedIn that is decentralized!
linked in that is decentralized
Now you shut your damn mouth, let's just let Linked In die like it was always supposed to. It's not some sort of positive networking platform, it's just a platform that reinforces the old boys club, with some cringey posts from people who are trying to hard.
It’s not an actual leak. It’s mostly scraped data and fake addresses.
What private info is on LinkedIn? I thought the whole point was to make your resume public and get found by employers.
Yeah it's the only public social media I have with any personal information. If it leaks I'm fine with that because I use VPN and even have my email alias on there.
Can someone check if my password is there? It's 'dupa.7'. Thanks.
dupa.7
https://haveibeenpwned.com/Passwords confirms that is has been hacked 11 times.
Ok, changed to 'dupa.8'. Thanks.
s e c u r i t y
Or the most secure one: hunter2
What's that? All I see is *******
I see Lemmy has implemented Reddit's security settings. Impressive.
~~Reddit~~
IRC ftfy
This password has been seen 2,265 times before
I'm excited for my class action award of $3
Figures. The only way to get someone interested in my linkedin account is for them to steal the data.
Let me know if you see anything you like. I didn't put it on there but I'm also proficient in bocce ball
The jokes on LinkedIn. T-Mobile already has my social security number, birth date, and other important information on the dark web, thanks to their security breach.
Don't forget Equifax, assuming you are in the USA
Strangely enough, that data doesn't seem to have surfaced anywhere. There's a decent chance it was stolen by a nation-state actor using it for espionage.
Slightly refreshing from them selling your email to spammers as soon as you signed up.
How do you mean? Are you confusing recruiters reaching out to you (which is the whole point of the platform) with spammers?
I would argue recruiters sending me mass generic emails for job offers only partially related to my field is, in fact, spam.
Nope, at one point I created a LinkedIn account and my email address immediately started getting spam.
I use unique emails for things. Technically, the emails don't even exist, but I have a rule that any email that doesn't exist will be forwarded to my actual account. So the made up email I used for LinkedIn was unique and had only ever been typed into the LinkedIn service.
I've been doing this for a while, and generally most things don't seem to lose your email. There have been a few that were probably compromised, they were safe for a while then one day they were lost - this is more likely a malicious actor accessing the website's database. However LinkedIn is one of only 2 websites I've signed up for that have instantly resulted in spam - the other was a porn website.
LinkedIn have always been shady as fuck. When they first started out, they convinced everyone to input their email login details. LinkedIn would then access your email account and send emails to all your contacts asking them to join - all coming directly from your email address, not theirs. That was how LinkedIn built its market share. Back in the MSN Messenger days, LinkedIn emails were pretty notorious, but also everyone was pretty carefree online. They were perhaps one of the first services to demonstrate that you really should be careful what you share online, even if it is a "legitimate" service. Not everyone learned that lesson.
The compromised email thing happend some time after the MSN Messenger days, and I admit that I was one of those gullible baffoons who fell for the login thing initially (I've had 3 LinkedIn accounts, my first, then the second which was unique but instantly spammed, then my current). I think the porn website was more or less around the same time as well, so it is possible that LinkedIn was compromised as well as the porn site, such that anyone who signed up for either service (and maybe some others) would instantly get added to a spam list - not by the service but by the malicious infection. However, it certainly would fit their MO for LinkedIn to just sell email addresses directly.
Nowadays, I do get emails to my current LinkedIn account email that clearly should not have been shared. These tend to be more focused on the industry I work in, instead of generic spam. Recruiters almost always contact me via messages.
Don't give LinkedIn any more information than you have to. In particular, I would encourage users to share their CV's off platform.
Thanks, it's rare to find a well thought out answer in here like yours.
I agree that LinkedIn always did shady things to increase their user base. They used dark patterns to get access to your address book even as they got constant criticism for that, both externally and internally. One of their top product managers was actually proud of that, and said that they would have done more if possible.
But I very much doubt they actually sold their customer's emails at any point. They have always been very protective of their customer's data, fighting scrapers and limiting APIs. There's no upside to selling your customers info. You're undermining your own business by doing so.
Again and again and again and again. I get more spam on my linkedin email address than I do on any other.
I have a set it up so that any email sent to unknown users on my domain gets redirected to email. If you send an email to bad_address@example.com
and my real email is uranibaba@example.com
, I will still receive the email.
Now this is great because I will just use name_of_service@example.com
and still get the email. If the email is leaked, I will know where it came from.
Owning your own domain is great that way. Even makes the little bit I pay to ProtonMail well worth it. There are a few addresses I have dedicated, like my aws@example.com, me@, and my-name@, but the rest just go to a catch all. It's fantastic.
I ended up just disabling the alias I use to receive emails from LinkedIn. Since I noticed I just kept deleting those emails without ever reading them, I figured I'd just opt to not receive any emails. :D
That would explain the targeted scams I've been subjected to which seem to have been coming from old colleagues
Now I know why I'm getting scam mails on the email address that I never use online and scam phonecalls on the phone number I never use online, except for LinkedIn.
Gadammit, my linkedin uses my clean email account. Linkedin security, do better!
Was surprised at first, then I went to go log in to change my password.
And then it said I was emailed a 2FA code... the code was part of the email header.
Now I'm completely unsurprised this happened.
I'm not sure what you're implying here regarding headers? Email is insecure regardless; even when using SMTP with TLS, it's not like the headers are exposed whereas the body would be encrypted or something.
the code was part of the
... part of the Subject header in the encrypted body of the message, you mean? What a nothing-burger.
That's why today I got an email from a headhunter that used Data from my LinkedIn profile. Fuck this.
no because they probably paid a couple of hundred bucks to email you from one of the many data banks that source their information from LinkedIn.
Doesn’t sound like anything that hasn’t already been leaked elsewhere, boring 🥱
Not to mention its on my resume so its pretty available.
Anyone got an onion url to that forum? Asking for a friend.
It’s just BreachForums. Pretty sure the whole site is a honey pot.