Slashdot Mirror

← Back to Stories (view on slashdot.org)

LinkedIn User? Your Data May Be Up For Sale (zdnet.com)

Posted by msmash on from the another-day,-another-hack dept.

An anonymous reader cites a ZDNet report: Reports indicate that a LinkedIn data breach may have led to the sale of sensitive data belonging to 117 million users. The company's website experienced a data breach in 2012, but the true consequences of the breach are only now becoming apparent. Users of LinkedIn's website in 2012 discovered that roughly 6.5 million user account passwords were posted online, and the company never completely confirmed just who was impacted by the security incident. However, a hacker called "Peace" told the publication that this information is being sold on the dark web for roughly $2,200, and paid hacker data search engine LeakedSource also claims to have the data. Both sources say there are approximately 167 million accounts in the data dump, 117 million of which have both emails and encrypted passwords.LinkedIn has acknowledged the breach. In a blog post, the company writes: Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach.

10 of 72 comments (clear)

  1. Not a big deal... by __aaclcg7560 · · Score: 5, Funny

    Hackers already got my background investigative interview file from the government. LinkedIn data will confirm my employment dates.

  2. What sensitive data? by thegarbz · · Score: 4, Insightful

    How does LinkedIn have any sensitive data? All the data I put up there I did so specifically to share with as many people as possible with the hope of getting job offers.

    Please sell away. Hell give it away.

    1. Re:What sensitive data? by Anonymous Coward · · Score: 4, Insightful

      They have your username+password (hashed with the weak SHA1, and probably unsalted). They probably know your current employer too.

      If you used that password (or a variation of it) somewhere else - say, in a critical system owned by your employer - it's time to change it. Like, now.

    2. Re:What sensitive data? by 93+Escort+Wagon · · Score: 2

      If someone claims to be an IT person but uses the same password on LinkedIn that he uses at work... I hope people aren't trusting him to do anything sensitive or important.

      --
      #DeleteChrome
    3. Re:What sensitive data? by Z00L00K · · Score: 2

      I use LinkedIn as a address book more than anything else.

      So it may be annoying if all the mail addresses of my contacts went widespread.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  3. No shit sherlock by BitZtream · · Score: 5, Insightful

    If you're a linked in user, YOUR DATA IS UP FOR SALE

    Its in the terms and conditions. They've been doing it since day one, its their business model, its well known.

    Now you're concerned that someone else stole it and is selling it?

    You put the data on a public website with the intention of showing it to others. There is no reason for you to be doing anything on linked in that you do not intend to be public.

    How can they 'steal' data that you are intentionally begging people to take? Thats the point of linked in to its users, YOU WANT PEOPLE TO 'STEAL YOUR DATA' on linked in.

    Do you guys get shocked when you write your name and phone number on the bathroom wall and then random people call you? Thats how stupid this story is.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    1. Re:No shit sherlock by cdrudge · · Score: 2

      If you're a linked in user, YOUR DATA IS UP FOR SALE

      There's no need for the if statement. It's an unnecessary comparison since YOUR DATA IS UP FOR SALE on the internet.

  4. Not a question of IF by argStyopa · · Score: 4, Insightful

    It's Linkedin.

    The question isn't IF your data is for sale, it's whether Linkedin is selling it directly or whether a hacker's taken it and is selling it for cheaper.

    So really, Linkedin's bitch is actually that they're probably being undercut in the marketplace.

    --
    -Styopa
  5. Aren't these the guys who... by Solandri · · Score: 4, Insightful

    Isn't Linkedin the site where if my friend joins and leaves a box checked because he didn't read carefully, they download his entire contact list and spam all of his contacts, and I repeatedly get emails saying that he's joined and I should join too?

    Handing your info to a company whose ethical standards allow them to pull shenanigans like this is pretty much the same thing as hackers getting your info.

  6. Resume Required by s.petry · · Score: 2

    There is a whole lot of data in a Resume, which people post to LinkedIn as it is required for job hunting. Sure, you can restrict access to viewers of your resume but they have _YOUR_ credentials so _YOUR_ resume can be easily accessed.

    These hackers with your resume would have access to street addresses, phone numbers, email addresses, Twitter handles, and other aliases and information people normally include in resumes. It may not be your SSN and bank account information, but sure can be used for Social Engineering and more nefarious purposes.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.