Slashdot Mirror

← Back to Stories (view on slashdot.org)

LinkedIn User? Your Data May Be Up For Sale (zdnet.com)

Posted by msmash on from the another-day,-another-hack dept.

An anonymous reader cites a ZDNet report: Reports indicate that a LinkedIn data breach may have led to the sale of sensitive data belonging to 117 million users. The company's website experienced a data breach in 2012, but the true consequences of the breach are only now becoming apparent. Users of LinkedIn's website in 2012 discovered that roughly 6.5 million user account passwords were posted online, and the company never completely confirmed just who was impacted by the security incident. However, a hacker called "Peace" told the publication that this information is being sold on the dark web for roughly $2,200, and paid hacker data search engine LeakedSource also claims to have the data. Both sources say there are approximately 167 million accounts in the data dump, 117 million of which have both emails and encrypted passwords.LinkedIn has acknowledged the breach. In a blog post, the company writes: Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach.

5 of 72 comments (clear)

  1. What sensitive data? by thegarbz · · Score: 4, Insightful

    How does LinkedIn have any sensitive data? All the data I put up there I did so specifically to share with as many people as possible with the hope of getting job offers.

    Please sell away. Hell give it away.

    1. Re:What sensitive data? by Anonymous Coward · · Score: 4, Insightful

      They have your username+password (hashed with the weak SHA1, and probably unsalted). They probably know your current employer too.

      If you used that password (or a variation of it) somewhere else - say, in a critical system owned by your employer - it's time to change it. Like, now.

  2. No shit sherlock by BitZtream · · Score: 5, Insightful

    If you're a linked in user, YOUR DATA IS UP FOR SALE

    Its in the terms and conditions. They've been doing it since day one, its their business model, its well known.

    Now you're concerned that someone else stole it and is selling it?

    You put the data on a public website with the intention of showing it to others. There is no reason for you to be doing anything on linked in that you do not intend to be public.

    How can they 'steal' data that you are intentionally begging people to take? Thats the point of linked in to its users, YOU WANT PEOPLE TO 'STEAL YOUR DATA' on linked in.

    Do you guys get shocked when you write your name and phone number on the bathroom wall and then random people call you? Thats how stupid this story is.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  3. Not a question of IF by argStyopa · · Score: 4, Insightful

    It's Linkedin.

    The question isn't IF your data is for sale, it's whether Linkedin is selling it directly or whether a hacker's taken it and is selling it for cheaper.

    So really, Linkedin's bitch is actually that they're probably being undercut in the marketplace.

    --
    -Styopa
  4. Aren't these the guys who... by Solandri · · Score: 4, Insightful

    Isn't Linkedin the site where if my friend joins and leaves a box checked because he didn't read carefully, they download his entire contact list and spam all of his contacts, and I repeatedly get emails saying that he's joined and I should join too?

    Handing your info to a company whose ethical standards allow them to pull shenanigans like this is pretty much the same thing as hackers getting your info.