cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

LinkeDin joins Facebook in the breach sweepstakes!

OK, Facebook had a pretty major breach, with data from over half a billions users stolen.

 

Not to be outdone, LinkeDin has had a breach with data from almost as many users being put up for sale.  LinkeDin has had to work harder, to produce a breach that bad, since it only reports 740 million users, so the data must come from just about everybody who has ever been active on the site.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
3 Replies
Beads
Advocate I

A target that size would be inevitable to expect a breach of this size. Looking forward to the postmortem/after action review concludes. Should be interesting reading.

CraginS
Defender I


@rslade wrote:

...LinkeDin has had a breach with data from almost as many users being put up for sale.  LinkeDin has had to work harder, to produce a breach that bad, since it only reports 740 million users, so the data must come from just about everybody who has ever been active on the site.


I'm putting this one into my low-worry category. It appears the miscreants got only what I have shared publicly in my profile and home page. The possibility of being spoofed by someone with this database is one of the several reasons my LinkeDin profile opens with the statement,

"I accept LinkedIn connections only from individuals I actually know from direct interaction, either in person or online. (I am not active on Twitter or FaceBook.) Please use direct e-mail to contact me"

 

From the report article Rob linked,

"Included in the leaked data was "a variety of mostly professional information," including LinkedIn IDs, full names, email addresses, phone numbers, user gender, links to LinkedIn profiles, links to other connected social media profiles, professional titles and other work-related data. The leaked data doesn't appear to contain any credit card or other financial details, or legal documents that could be used for fraud.

The lack of financial or identification documentation doesn't mean the leaked data isn't dangerous, though. "Particularly determined attackers can combine information found in the leaked files with other data breaches in order to create detailed profiles of their potential victims. With such information in hand, they can stage much more convincing phishing and social engineering attacks or even commit identity theft against the people whose information has been exposed on the hacker forum," CyberNews said."

 

=-=-=-=

Craig

 

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
Beads
Advocate I

All this release provides the bad actors/"hacker types" is the ability to verify some basic details available elsewhere. Still this may be a good validation technique to verify current work status, where, how long, etc. Nothing there you couldn't look up by other means but this is now electronic and easier to search than typing into a website.