[HN Gopher] New LinkedIn Data Leak Leaves 700M Users Exposed
___________________________________________________________________
New LinkedIn Data Leak Leaves 700M Users Exposed
Author : gargs
Score : 418 points
Date : 2021-06-29 11:30 UTC (11 hours ago)
(HTM) web link (restoreprivacy.com)
(TXT) w3m dump (restoreprivacy.com)
| literallyaduck wrote:
| If Microsoft can't safely code its APIs what hope does anyone
| else have?
| southerntofu wrote:
| Microsoft have never exactly had a reputation of security-
| conscious developments. However you do have a point: building
| secure software is close to impossible, and that's why we
| should build software that collects the smallest amount
| possible of personal information.
| colllectorof wrote:
| This is an excellent question/framing. The security model used
| in the industry right now is insane and doomed to fail, and yet
| it is relentlessly pushed forth and defended.
| idorosen wrote:
| duplicate:
| - https://news.ycombinator.com/item?id=27675648
| - https://news.ycombinator.com/item?id=27674393
| greenie_beans wrote:
| My lord, how many times has this happened to LinkedIn? Fuckin
| ridiculous. Need some public policy to hold these companies more
| accountable when this happens, so it will happen less.
| atlgator wrote:
| How does LinkedIn know my facebook username if I've never linked
| them? How does it infer salary and is it provided to recruiters
| unverified?
| eli wrote:
| Isn't this just data that people choose to make public on
| linkedin?
| fart32 wrote:
| I wonder. I definitely don't have my phone number and e-mail
| address visible to public (this has a purpose - if someone can
| find it, it means they at least spent 30 seconds of their life
| to issue a search query in Google) and I think most people
| don't as well. But that's the same thing with FB 2019 - my
| phone number was leaked, but I never made it public. Why would
| I.
| prennert wrote:
| The biggest issue: you cannot not give them your personal data
| that they then loose.
|
| Let me contribute with an anecdote from yesterday (slightly off-
| topic but I promise to get around to it at the end). So just
| yesterday I needed to create a Microsoft account to try out Teams
| which is supposedly free. (I have avoided it so far, but my GF
| has been asked to use it for an interview and we wanted to do a
| tech test run before). Of course, the UI on the website assumes
| (!) that you already have a Microsoft account. It will let you
| create a Teams account that will fail the login if you do not
| have a Microsoft account and then sends you around in a Byzantine
| loop without telling you: Look you need a Microsoft account to
| use Teams. It looks to me as it just creates a shallow alias or
| something without root reference. This is dark patterns all over
| the place.
|
| Anyway, a bit more on topic, I am of course using my spam email for
| this account, but then they ask for my phone number. This is
| really an issue, because except if I get a burner phone, my
| personal data is linked with an account of a company I do not
| trust. After witnessing then how bad Teams is almost 1.5 years
| after everyone is working remotely, (wow their web client does
| not allow you to share webcam and a window/screen at the same
| time, while their native client makes it super hard to share
| content while still seeing the people who you present to), I
| realised
|
| 1. How privileged I am not having to use Microsoft products (need
| to remember to charge extra, whenever someone asks me to do a job that
| involves Microsoft products)
|
| 2. How anti-competitive Microsoft still is (you cannot login to
| Teams, MS web auth, in Chromium incognito mode, and it needs a
| ton of cookie domains whitelisted, even then it does not work)
|
| 3. How (and this is not Microsoft specific) difficult it is to
| not hand over personal data to companies that provide a utility-
| like service that they pretend is free (so everybody can pretend
| they are inclusive when they use these services)
|
| 4. And then literally a day later it turns out I am not paranoid
| not trusting Microsoft (and I guess other companies, big or
| small) with my data, because they are going to loose it sooner or
| later.
|
| Edit: I just logged back into this MS account. They don't even use
| the phone number as "2FA". They only send you a text when you
| register, not for subsequent logins. It looks to me as they just
| collect it to make sure they really have some personal data to
| loose..
| canadaduane wrote:
| The generous interpretation is that they need a way to give
| people something free while avoiding giving bots/spammers
| something free. You could point to CAPTCHA as a way to do this
| anonymously, but as far as I can tell, CAPTCHA has largely been
| broken by successful machine learning algos (most of the web
| scraping services I have seen offer "free CAPTCHA defeat" as a
| perk of buying their service).
| jolmg wrote:
| I wouldn't do this if it were just a typo, but since you did it
| multiple times, I thought I should inform you that you mean
| "lose", not "loose".
| asdadsdad wrote:
| Then they complain when people scrape their site...
| bennyp101 wrote:
| Is this on top of the 500M in April?
|
| https://cybernews.com/news/stolen-data-of-500-million-linked...
|
| Or is this a follow on with the rest of the data?
|
| Either way, it's pretty shoddy that they haven't put a stop to it
| arp242 wrote:
| I think we finally know what that bowl of petunias meant with
| "oh no, not again".
| keville wrote:
| (That bit is explained in _Life, the Universe and Everything_
| )
| kristopolous wrote:
| don't put any real info on those things beyond like your name ...
| really.
| archsurface wrote:
| But you're fine because you didn't give them much personal data.
| Because by now you're perfectly aware of this scenario. So you
| take your privacy seriously.
| qjighap wrote:
| I used to use linked'in@mycustomdomain.com. It (slightly) broke
| the interface for reasons I won't understand, but I eventually
| got lazy and changed it to a normal email. The extra page
| refreshes were driving me crazy. Seems I should have kept it.
| CountDrewku wrote:
| This is just basically the data that's publicly available anyway
| unless you've locked down your profile. That sort of defeats the
| purpose of LinkedIn though since you're trying to get people to
| contact you about jobs etc.
|
| I wish LinkedIn would just go away, it's turning less into a job
| specific site and more of another facebook full of idiotic
| political posts etc. I'd rather not have to deal with it at all
| but it seems employers still sort of expect you to use it.
| lanstin wrote:
| My actual goal with LinkedIn is to be able to search people
| whom I have worked with that now work with some random company
| I am curious about now. "Oh, huh, LinkedIn had a leak, who do I
| know there, oh, they were reasonable people, probably an error
| then." I must confess a certain curiosity on the inferred
| salaries. I wonder how accurate they are and if we will see the
| whole data dump at some point.
| antpls wrote:
| That doesn't look like a "leak", but more like the usual mass
| scraping of APIs.
|
| An actual data leak from a breach would contain password hashes
| and private messages.
|
| It means somehow, people can access that "leaked" data anyway,
| either with APIs or by paying LinkedIn
| kleinsch wrote:
| Where are all the folks who were complaining about the LinkedIn
| anti-scraping court case destroying the open web? This is what
| LinkedIn is fighting against.
| 101_101 wrote:
| You want to defend a company that uses shitty dark patterns?
| xpe wrote:
| It is easy for hacker(s) to claim they got this data from
| scraping. From the article, we can't be confident that this is
| true (completely or in part).
| southerntofu wrote:
| Scraping the open web is NOT the same as accessing privileged
| APIs to collect private information. If LinkedIn made their
| pages accessible to anyone as a sort of public service (as they
| used to), people would think twice what data to put on there.
|
| The problem is the same as with Facebook: they pretend the data
| is private and secure, then let people siphon it away. Public
| and private networks are both fine, but huge corporations
| trying to mix both usually end up with the worst of both
| worlds.
| xpe wrote:
| > Where are all the folks who were complaining about the
| LinkedIn anti-scraping court case destroying the open web? This
| is what LinkedIn is fighting against.
|
| I find comments of the form "where are all the folks who were
| complaining..." to be tiresome. Asking "where are all the
| folks" suggests that "all the folks" don't exist because... you
| don't see them on Hacker News? ... because ... you want to make
| a dig at LinkedIn? ... because [reasons]?
|
| Unless I'm missing something (let me know), this comment seems
| like a rant based on speculation. Why believe a hacker who says
| they got this from scraping?
|
| I'm not defending LinkedIn, to be clear. I'm asking for more
| {elaboration, logic, specificity} and less rhetoric in the
| comments here.
| Sebb767 wrote:
| > making this one of the largest LinkedIn data leaks to date.
|
| _one of_.
|
| This is insane.
| SavageBeast wrote:
| Kinda makes you want to transfer all your cloud ops to Azure
| doesn't it.
| HatchedLake721 wrote:
| Nice try Satya Nadella
| Santosh83 wrote:
| If I put on my thickest tinfoil hat, I might even think these
| continuous data leaks are deliberately happening to get
| users/consumers normalised towards expecting zero privacy or
| corporate accountability going forward.
| calotow wrote:
| By including a description of your supposed hat, you kind of
| pre-negate the content of your post.
| shoto_io wrote:
| Is this a "real" leak or "just" scraped profiles?
| ParanoidalMouse wrote:
| Looks like scraped with additional data from other sources.
| LinkedIn doesn't have your Facebook account, but it is included in
| the database sample
| shoto_io wrote:
| Augmented data!
| stuff4ben wrote:
| But is this really a problem? LinkedIn is "advertising for
| yourself", presumably to get a job. With the exception of my
| phone number, I'm ok with the world knowing this information
| about me. It's the equivalent of a phone book and I'm putting
| myself out there and advertising myself in the hopes of getting a
| job.
| sixothree wrote:
| Do you care to share some of your private messages here in this
| thread?
| dnate wrote:
| I feel like the lines between a data leak and large scale
| scraping are getting blurred. At least in their impact for the
| user. Which is a bad thing as it will support the "so what"
| attitude that many people have toward their data.
|
| It is a fact that all this data is already being crawled by bot
| nets.
|
| If all data is leaked at once, this is similar to a large scale
| successful crawling of the site. At least from a user
| perspective.
|
| So I get what you are saying. It sounds more dramatic than it
| actually is. It is still a massive leak. But from a pool that
| scummy businesses have been thoroughly scooping from already
| anyway.
| unishark wrote:
| Are these details publicly-available for the scraping though?
|
| I'd be suspicious it was an employee with internal access to
| the data or someone who had hacked such an employee's
| computer. Of course they wouldn't admit such a criminal act and
| risk getting caught, they'd claim a route anyone could use.
| tjpnz wrote:
| If the geolocation data is fine grained I would hope not.
| southerntofu wrote:
| > LinkedIn is "advertising for yourself"
|
| Not anymore, really. For years now you can't view someone's
| profile without logging in.
| emodendroket wrote:
| Yeah but the people who want to find you there have accounts.
| whoomp12342 wrote:
| My understanding is that it was "advertise yourself within your
| network". I don't want my name and face on a billboard for just
| anyone....
|
| Also, keep in mind that LI has contact information and
| passwords people might re-use
| emodendroket wrote:
| Not really. Anyone who has an account can see profile. It's
| been a go-to for journalists for a long time.
| x4e wrote:
| You can set your profile to only be viewable to connections
| or second degree connections
| salt-thrower wrote:
| You can also "hibernate" your account to disable it
| completely until you log in again. I just did this; my
| go-forward strategy will be to resurface and collect
| connections anytime I switch jobs, then hibernate it
| again when I no longer need it. That way it can serve its
| only real function of being a face for my job
| applications, and can be made invisible all other times.
| emodendroket wrote:
| More than half the value is letting people reach out to
| you when you're not actively looking. Otherwise let them
| use your resume.
| onion2k wrote:
| I have no problem with people accessing my data, but only so
| long as it's people who have a valid reason to access that
| data. In the case of LinkedIn, I don't mind my connections,
| coworkers, and (reluctantly) recruiters seeing what's on my
| resume. I do mind a random hacker accessing that information,
| selling it to anyone who'll buy, and those people then using
| that data for things that _probably aren't related to offering
| me employment._
| emodendroket wrote:
| How do you know someone accessing your data through the Web
| site is a recruiter?
| onion2k wrote:
| I look their details up in this spreadsheet of 700 million
| people I've got.
| fogetti wrote:
| Well I can see your point, but this is not exactly the same.
|
| As a thought experiment imagine that someone now builds a
| website called Linkedout and they post your profile with a
| layover animation resembling a big red stamp which reads
| 'Slacker'. I guess you are not OK with THAT information about
| you.
| dylan604 wrote:
| Isn't that what someone that works at Slack? If they're
| getting basic employment details that badly wrong, then
| they're not very useful.
| agustif wrote:
| Oh funny I actually thought about same name
|
| LinkedOut: A decentralized 'paid' job profile site for
| professionals, not recruiters. Where you decide who can see
| your profile/data and contact you.
|
| I might just build this, but with a better name, lol
| rapnie wrote:
| You might contribute to Flockingbird who are building that
| for the Fediverse.
|
| https://flockingbird.social
| emodendroket wrote:
| My thoughts exactly. Given the nature of LinkedIn there is
| absolutely nothing I'd put there that I didn't want others to
| see.
| dylan604 wrote:
| Isn't the revealing thing about these leaks not the data that
| you provided but the data they have associated to you from
| other means?
| martinkraft wrote:
| It's good to hear that it hasn't affected you personally, but
| the severity of the leak must be assessed based on the privacy
| that was reasonably expected by users. LinkedIn has not met
| their duty to protect their personal information and that alone
| is enough to say: yes, it's a problem.
| stuff4ben wrote:
| Yeah I agree that LI hasn't done a great job of protecting
| their data from being misused. But that's the nature of
| social networks though, data is to be shared in order to
| build the network. As another commenter said, just don't put
| in anything you don't want people to find out. Absolute
| privacy cannot be achieved when you give out your information
| willingly. To paraphrase WOPR, "the only way to win the game
| is to not play."
| martinkraft wrote:
| What about your job hunt status, openings you've applied
| to, DMs?
| streamofdigits wrote:
| if you look at the sample image there are data points like
| "inferred salaries", "inferred years of experience", number of
| connections (and possibly other stuff) that somebody may or may
| not have wanted to advertise to the universe.
|
| the leaking of semi-public data (over which we may have some
| control) alongside "inferred bits" and behavioral data (over
| which we don't) and combined with other legally or illegally
| obtained sources means that individuals are facing an
| information environment where long held assumptions about who
| knows what no longer hold.
|
| lots of people still don't seem to realize what a crushing
| downgrade it is in all senses (economic, social, political) to
| be a transparent, mined entity with no sovereignty
| dannyw wrote:
| What do you think is a good solution to this problem?
| streamofdigits wrote:
| there are many ways to skin this cat if one was motivated
| enough to put their mind to it... but some suggestions
| anyway:
|
| never have 700M profiles in one place. decentralization by
| default - large scale centralization only when absolutely
| needed and with rigorous controls as a public (or highly
| regulated) good.
|
| never create portable / tradeable behavioral profiles that
| can be linked to individuals. what can happen _will_ happen
| and _is_ happening.
|
| never offer trivial free services in exchange for
| significant private data. establish a respectful and
| healthy client/user relation without hidden third parties
| in the loop
| nuker wrote:
| > With the exception of my phone number
|
| You can get it from 2019 FB leak of 533M accounts, dumped for
| free this April. My boss is in there and phone number is
| correct.
| fart32 wrote:
| I'm there and even received a few scam calls from foreign
| countries. Ironically, I cancelled my account in 2019.
| diarrhea wrote:
| I imagine most people do not share your attitude, me included.
| Especially profile sections set to private staying that way
| needs to be trusted.
| rapnie wrote:
| And emails not falling in the hands of spammers is always
| nice.
| nzealand wrote:
| This hack includes inferred salary, facebook username, mobile
| number, geo location...
|
| None of this is publicly available.
|
| None of this can even be downloaded by myself when I get a copy
| of all my data from linkedin...
|
| https://www.linkedin.com/help/linkedin/answer/50191/download...
|
| So I have no idea what information about myself was leaked in
| this hack
| superjan wrote:
| Inferred salary would be useful for recruiters, perhaps they
| used recruiter accounts to scrape it?
| nojito wrote:
| Inferred salary is from salary estimates based on job titles.
| It isn't tied to your personal data IIRC.
|
| It's likely that an API endpoint was found and all the data was
| siphoned off.
| rcMgD2BwE72F wrote:
| > Inferred salary is from salary estimates based on job
| titles. It isn't tied to your personal data IIRC.
|
| How do you know?
|
| https://www.linkedin.com/help/linkedin/answer/4786/source-
| an...
|
| >When we don't have member-submitted data, salary insights
| are inferred using data between similar companies, job
| titles, location, and other job attributes.
|
| With enough "job attributes", you can easily tie things down
| to an individual: who worked as <position> at <company> in
| <city> from <start_date> to <end_date>, doing
| <job_description> with <colleagues>?
| nojito wrote:
| Because you get salary insights when you look at job
| postings which means it's an API endpoint.
| nzealand wrote:
| The same API that was used in the April breach.
|
| https://restoreprivacy.com/linkedin-data-leak-700-million-
| us...
|
| Even if you don't consider inferred salary directly tied to
| you as "personal data," surely you consider geo location
| personal data?
|
| Also, aren't you even slightly outraged that you can't even
| download data that has been hacked and released into the
| wild?
|
| Or outraged by the fact that you can only download data you
| have given directly to a service provider, but that the
| service provider will happily tell 3rd parties about your
| shadow profiles?
| nojito wrote:
| The geolocation in the response looks like the location you
| set in your LinkedIn profile.
|
| Is there anything that shows that it's your actual geo
| location when you access LinkedIn?
| neya wrote:
| Many of you may not know, but most recently, even Domino's Pizza
| (India) had a breach and they kept denying it ever happened until
| the hackers finally made a search engine where anyone could
| search through the entire database. And Domino's finally released
| some statement in some obscure part of their website. NONE of the
| users who were affected were notified directly. Many even don't
| know that this happened. What's worse is the data contained your
| precise house location and location data in general with co-
| ordinates. So, the hackers know your phone, your address, where
| you live, where you go to, been to and how much you're actually
| worth. It has been claimed financial data (credit cards) were
| stolen as well, but Domino's denies it till date and of course no
| one should trust them, given their history.
|
| So, in essence, this LinkedIn breach is also the same to me.
| Companies literally make you an attack target for hackers and
| don't even bother telling you. I don't know about you guys, I
| haven't received a single email from LinkedIn about this yet. How
| can we combat this dangerous behaviour of companies hiding their
| incompetencies from their customers? I thought of litigation and
| I almost sued Domino's, but who am I kidding? These cases could
| go on for years while they keep making people attack targets of
| hackers. And add to that corruption, and other variables. I don't
| know of what could be done to such companies. Boycotting helps,
| but imagine, more than half your customers don't know why the
| rest are boycotting and that's in your favor.
| ricardo81 wrote:
| Not surprising really.
|
| A few years back Hotmail/Outlook were returning people's
| Twitter/LinkedIn handles for emails sent/received. It had been
| noticed you could scrape that fairly easily at scale. With one
| email account you could check up to 30000 email addresses before
| being flagged by Outlook.
|
| Slightly longer ago you could simply iterate 1...n on LinkedIn
| URLs to find someone's profile, by converting the number to
| base12, you'd be redirected to the person's public URL.
|
| Also their bulk contact upload. Take any data leak of email
| addresses, bulk upload them as contacts and then correlate email
| addresses to social profiles.
|
| Facebook, Twitter and LinkedIn are all bad in that regard on the
| last method, though Facebook at least do not return people's URLs
| along with your contact upload (you're expected to know the
| person's face/name to decide whether you'd want to connect). The
| take away is that once you sign up, whatever information you put
| on your profile/account is pretty much available to anyone who
| wants it enough - and clearly there are plenty bad actors who
| want it. Obviously these social networks want to expand their
| network, but they also make it much more easy for data harvesting
| at unprecedented scale.
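
Added example, not part of the original comment: the patterns described above (ascending profile-ID walks, tens of thousands of lookups from one account, bulk uploads of address lists) seen from the defender's side, as detection logic over access logs. The log format, the thresholds and the `known` field are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed thresholds for one detection window (hypothetical; tune per service).
LOOKUP_BUDGET = 500      # distinct profiles one account may look up
MIN_SEQ_RUN = 20         # length of an ascending ID walk worth flagging
MAX_STEP = 3             # tolerate small gaps left by deleted or unused IDs
MIN_UPLOAD = 1000        # only judge large contact uploads
MIN_KNOWN_RATIO = 0.05   # share of uploaded contacts the account already knows

# Constructed log format: "<timestamp> acct=<name> view id=<n>"
#                      or "<timestamp> acct=<name> upload contacts=<n> known=<n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) acct=(?P<acct>\S+) "
    r"(?:view id=(?P<id>\d+)|upload contacts=(?P<n>\d+) known=(?P<known>\d+))$"
)


def parse_line(line):
    """Return a dict for a recognised log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    if m.group("id") is not None:
        return {"acct": m.group("acct"), "kind": "view", "id": int(m.group("id"))}
    return {
        "acct": m.group("acct"),
        "kind": "upload",
        "contacts": int(m.group("n")),
        "known": int(m.group("known")),
    }


def longest_sequential_run(ids, max_step=MAX_STEP):
    """Longest run, in request order, where each ID is 1..max_step above the last."""
    best = run = 1 if ids else 0
    for prev, cur in zip(ids, ids[1:]):
        run = run + 1 if 0 < cur - prev <= max_step else 1
        best = max(best, run)
    return best


def analyze(lines):
    """Map account -> list of reasons it looks like bulk harvesting."""
    views = defaultdict(list)
    uploads = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unparseable lines are skipped rather than guessed at
        if ev["kind"] == "view":
            views[ev["acct"]].append(ev["id"])
        else:
            uploads[ev["acct"]].append((ev["contacts"], ev["known"]))

    findings = defaultdict(list)
    for acct, ids in views.items():
        if longest_sequential_run(ids) >= MIN_SEQ_RUN:
            findings[acct].append("sequential_ids")
        if len(set(ids)) > LOOKUP_BUDGET:
            findings[acct].append("lookup_budget")
    for acct, batches in uploads.items():
        # Sum across batches so splitting one list into many uploads does not help.
        total = sum(n for n, _ in batches)
        known = sum(k for _, k in batches)
        if total >= MIN_UPLOAD and known / total < MIN_KNOWN_RATIO:
            findings[acct].append("cold_contact_upload")
    return dict(findings)


def build_sample_log():
    """Constructed sample data; no real accounts or identifiers."""
    ts = "2021-06-29T10:00:00Z"
    lines = [f"{ts} acct=alice view id={i}" for i in (48213, 773, 90211, 15, 48213)]
    lines += [f"{ts} acct=bot7 view id={i}" for i in range(1000, 1040)]
    lines += [f"{ts} acct=scraper2 view id={10_000 + 37 * i}" for i in range(600)]
    lines += [
        f"{ts} acct=carol upload contacts=300 known=40",
        f"{ts} acct=bulk9 upload contacts=25000 known=12",
        "garbage line that does not parse",
    ]
    return lines


if __name__ == "__main__":
    for account, reasons in sorted(analyze(build_sample_log()).items()):
        print(account, reasons)
```
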
| Zenst wrote:
| > Also their bulk contact upload. Take any data leak of email
| addresses, bulk upload them as contacts and then correlate
| email addresses to social profiles.
|
| This is one of those functionality aspects all these
| social/networking sites fall foul of one way or another, be
| email or phone number relational suggestions. That and the
| aspect of this scraping of phone numbers or emails - even with
| the users permission, kinda moots the owner of those email and
| phone details. But does seem that once you give anybody your
| email or phone number, it kinda one way or another falls into
| the public domain level of privacy. Heck how many contact
| details via email or phone numbers do these sites hold on
| people who never even held an account with them.
|
| Be nice if the law and data privacy had some global standards
| as this region/country by country aspect does nobody any good
| and in a World in which taxation works with the same model, do
| we really want to let data protection end up with data havens
| in much the same way as tax does.
| ricardo81 wrote:
| Agreed. One of the poorer aspects of those 'functionalities'
| is friends of friends details get added, i.e. sharing your
| phone contacts or email contacts. There's people not on those
| networks that have a definite amount of information about
| them on there anyway.
| danielEM wrote:
| Feels a bit awkward to admit it nowadays, when nearly every job
| offer for IT professionals requires to provide LI profile link.
| But stopped using linkedin after their first leak with
| unencrypted passwords and not informing about it for months.
| lazyweb wrote:
| Hah, I was just logging into linkedin again after some months,
| looking at the landing page for a bit (before login). Wasn't
| aware they let you create accounts with passwords as short as six
| (!) characters.
| AzzieElbab wrote:
| The article does not explain what info beyond public profiles had
| been stolen. You can already google search LinkedIn making this
| data leak very low impact
| whoomp12342 wrote:
| it bypasses privacy settings users may have set up. e.g. not
| everyone can see my contact info
| syntaxstic wrote:
| https://github.com/vysecurity/LinkedInt
| emodendroket wrote:
| Seems like just the phone number and email.
| AzzieElbab wrote:
| Yeah missed that. My LinkedIn api experience is dated, are
| those visible via api?
| ta988 wrote:
| The Linkedin API is dated. So you are probably up to date
| ;)
| emodendroket wrote:
| Kind of ambiguous from the article's description of
| "exploiting the API."
| ianpurton wrote:
| So the attacker claims to have harvested the data via the API.
| Looks like you can get any user profile if you're an approved
| developer.
|
| Possible the attacker slowly downloaded the whole database.
| specialist wrote:
| FWIW, I've been scrubbing my social profiles. LinkedIn, Yelp,
| Facebook, etc.
|
| Barest of bones. Removing all connections, photos, posts,
| personal details. (I know the damage is already done. The
| aggregators never really delete anything.)
|
| Why not just out right delete my profiles? I'm squatting. To
| ensure they're not used as socket puppets.
|
| After a beloved coworker passed, their profile got hijacked.
| Ten years later, I'm still so angry about it that I could just
| spit.
| willis936 wrote:
| >The aggregators never really delete anything.
|
| Sort of. Data that is 5+ years old is pretty stale. How many
| things _don't_ change over that period of time and how can you
| be sure that they haven't changed? The most valuable things are
| phone numbers and email addresses. We expect those to be
| maintained so we can re-establish contact with old friends.
| bb123 wrote:
| I've been doing the same. The potential downside risk of having
| LinkedIn/Facebook/Instagram profiles just keeps growing and
| growing. I'm a complete ghost on the Internet. I have Google
| alerts set up for my names and email addresses, and I regularly
| attempt to docs myself to find any leaks. I also can't
| understand why anyone in the public eye doesn't completely
| sanitise their social media profiles. The amount of people
| brought down by 10 year old stupid tweets is insane.
| ebb_earl_co wrote:
| I was going to ask if you said "docs" as in "doxxing" [0] but
| then a quick Wikipedia search got me to the etymology [1] of
| "doxxing" which comes from "docs" as in "documents"! TIL
|
| [0] https://www.thefreedictionary.com/doxx
| [1] https://en.wikipedia.org/wiki/Doxing#Etymology
| goldenkey wrote:
| This. The best way to erase social media is to replace the
| account with a bunch of BS. Most of these companies are too
| cheap and Zucker's "move fast" culture probably doesn't involve
| database record versioning. Also because it's expensive. The
| old SET _deleted_=1 is pretty much their main ace in the hole
| to f*k you. Hell, even if they do versioning, just keep filling
| the profiles with enough noise and they won't be able to filter
| it all out unless they somehow index and data warehouse your
| profile from the decrepit old backup. At that point, you are
| just hoping their schema changes, the logistics, and their bad
| practices are enough to prevent that from being cost efficient.
| MeinBlutIstBlau wrote:
| I saw someone on here had a program that went in your profile
| and rewrote all posts with garbage data before you deleted
| it. Like for Facebook, Twitter, Discord, etc. That way you
| know their database is filled with junk data. I'd really like
| to know what that was again so I could peek at it in case I
| ever wanted to do that.
| xpe wrote:
| > To ensure they're not used as socket puppets.
|
| sock puppets :)
|
| Done much network programming lately?
| scrollaway wrote:
| Socket pups sounds like such a lovely alternative to
| sockpuppets.
| chrisjc wrote:
| Same, but also adding a lot of fake data. Then again, they're
| probably smart enough to figure out what is real.
| dylan604 wrote:
| But if you made it a thing to daily post fake things so that
| the activity looks normal, can you eventually convince the
| social overlords you are someone else?
|
| Relocate yourself to another city/state/country in your
| profile. Daily make posts about things occurring in that new
| location. Make those posts in sync with local time. Of course
| using a VPN endpoint that correlates.
| ravenstine wrote:
| I would do this, but my data has been up in social media long
| enough that I don't believe it makes a significant difference
| if I superficially "delete" it now. Maybe I'm wrong?
|
| At this point, I just don't add anything new. If they're going
| to host my content ad infinitum, I might as well use their
| storage space and bandwidth.
|
| I guess it probably would be worth ditching LinkedIn. There's
| no good reason why a [worthwhile] prospective employer would
| require it.
| nickstinemates wrote:
| The best time was not to do it in the first place. The second
| best time is now.
|
| Your past self, current self, and your future self are
| different people. Don't give in to sunk cost fallacy here.
| slt2021 wrote:
| this is the right approach
| fnordfnordfnord wrote:
| > I'm squatting. To ensure they're not used as socket puppets.
|
| Good idea. I've noticed more of those popping up. My wife has
| an Instagram impersonator that constantly spams some kind of
| essential oils crap or other beauty product snake oil.
| mhuffman wrote:
| I am surprised there is not a service for this!
| AugurCognito wrote:
| Check out Redact (https://redact.dev/).
| hummel wrote:
| Thanks for the tip! Miss google on the services
| ds wrote:
| Sucks, but here's why no google support:
|
| From the redact.dev FAQ page:
|
| Why don't you support anything made by Google or Apple?
| At this time, we are reliant on both Google and Apple to
| be listed in their respective app stores. As such, we
| have been advised that in order to remain in good
| standing we should not offer support for these services.
| pyuser583 wrote:
| Ouch.
| throwawaysea wrote:
| How do you know you can trust this app, by the way?
| throwawaysea wrote:
| How do you scrub your Facebook profile? There aren't good tools
| for it. Facebook itself only lets you do it one post at a time
| in their activity log. Their constant design changes have
| broken extensions that used to help you do it
| (https://chrome.google.com/webstore/detail/social-book-
| post-m...)
| ds wrote:
| https://redact.dev
| rvz wrote:
| Now we will see an increase in SIM swapping attacks via this data
| dump and tons of fraud happening here.
|
| I hope they didn't use their phone number to login to their bank,
| crypto exchange or other social media accounts.
|
| Using phone numbers for login should be completely discouraged.
| emodendroket wrote:
| If someone merely knowing your phone number is a security risk
| that really seems like a flaw that should be addressed with the
| phone system and not by treating the numbers like sensitive
| information.
| SketchySeaBeast wrote:
| There was a time when there were whole books of said numbers
| and it wasn't a security risk. We've definitely gone wrong
| with our assumptions somewhere.
| darkfirefly wrote:
| True, but whether or not it should be or not doesn't change
| the fact that it is the current state of the US.
|
| And it's not really just the phone number, but the
| combination of personal info that allows for social
| engineering - without having the existing customer confirm
| the transfer.
| rightbyte wrote:
| I've seen worse. All you need to use a credit card is the
| number printed on it and still we hand it to strangers to run
| off with for 3 minutes like nothing.
| eythian wrote:
| > and still we hand it to strangers to run off with for 3
| minutes like nothing.
|
| Why would you do that?
| rightbyte wrote:
| I'm joking about the restaurant experience. Nowadays the
| staff usually comes out with a portable machine though.
| emodendroket wrote:
| I saw that in Canada but it's rare in the US.
| justusw wrote:
| This is why it's good to only share data with LinkedIn that you
| expect to be leaked.
| bennyp101 wrote:
| Crazy that this is the default stance now for places that
| should know better
| SketchySeaBeast wrote:
| My LinkedIn data leaked? Honestly, it's free advertising.
| dylan604 wrote:
| And what in that leak is going to make you stand out from the
| other 699,999,999 users? rand(oneLuckyUser) == You???
| SketchySeaBeast wrote:
| Didn't say it was good advertising.
| salt-thrower wrote:
| "You get what you pay for"
| xpe wrote:
| To the extent the leak goes beyond public-facing profile
| information, this is far from "advertising".
| SketchySeaBeast wrote:
| That's fair and for many it's not good at all - I was
| speaking strictly for myself. I didn't link my account to
| any other social media, nor did I put a phone number on
| there.
| ransom1538 wrote:
| This is why it's good to only share data with ANY SERVICE that
| you expect to be leaked.
| takeda wrote:
| So now we know where the security engineers from Western Digital
| went.
| impreciouschild wrote:
| "Hacker" collates LinkedIn users' diligent self-doxing efforts.
| one2three4 wrote:
| I'm curious. Was LinkedIn always so bad at securing its (our)
| data or have things gone downhill ever since the acquisition?
|
| It is becoming a regular thing, almost part of the news cycle.
| "In other news, yesterday was the biannual data leak from
| LinkedIn".
|
| It is outrageous.
| dannyw wrote:
| I've known a few people who worked at LinkedIn prior to the
| acquisition. They say it was worse before.
| scrollaway wrote:
| It was always that bad. In fact it probably used to be even
| worse.
| nafizh wrote:
| I have said it many times before. Unless and until you make
| companies pay an exorbitant amount of money when your data gets
| stolen from them, the companies will never be serious enough
| about security. We had the whole Equifax fiasco, and nothing has
| changed.
| dada78641 wrote:
| Well, they finally got me to log in again after, what, 5 years?
| Good on them.
| _uxgb wrote:
| LinkedIn became crap a long time ago. Let's make
| https://www.polywork.com the default way to share your
| achievements.
| keb_ wrote:
| Looks terrible.
| kwere wrote:
| No real information on the landing page, only hype. I guess it
| is for VC folks, not users...
| ta988 wrote:
| Design looks like a kid TV station. I scrolled through weird
| animations to get no info at all. I closed the page.
| nomdep wrote:
| Sorry, but looks like vaporware, and the company (Kalo) seems
| scammy: broken website, no activity for years even when they
| claim to have raised millions, etc.
| qku wrote:
| Can't tell what it does from the website.
|
| It scrolljacks you from the beginning and shows a lot of
| cartoon characters and trite phrases.
|
| It doesn't even do anything yet but ask me to join a waitlist.
| This is supposed to replace a social network with 700 million
| users?! It looks horrible.
| emodendroket wrote:
| Hmmm no I think I'll stay on the one people have actually heard
| of where you actually get scouted.
| dempsey wrote:
| Not sure if the waitlist/vip method is well suited to this.
| dafman wrote:
| I've never seen a website chug so badly on my machine, I barely
| got 5fps on any of that page
| skapadia wrote:
| Oh lord I wouldn't be surprised if recruiting companies pay to
| get this data.
| jacquesm wrote:
| I'm not in there. I never saw any value in a LinkedIn profile.
| SavageBeast wrote:
| I'm curious enough to ask the question - having read the article
| and seen what data was leaked - isn't this "leaked data" the very
| same data that LinkedIn is selling to users as part of its
| Premium Offering?
| spsful wrote:
| IMO it seems to be exactly the same thing.. LinkedIn has never
| made itself out to be respectful of privacy, so I'm really not
| surprised.
| JohnTHaller wrote:
| Now when cold-calling scammers that buy lists from ZoomInfo say
| they 'got my info from LinkedIn' they may not be lying.
___________________________________________________________________
(page generated 2021-06-29 23:02 UTC)