The same threat actor has leaked larger amounts of data from LinkedIn dated 2023. They claim this new data contains 35M lines and is 12 GB uncompressed.

  • DirkMcCallahan@lemmy.world
    link
    fedilink
    English
    arrow-up
    87
    arrow-down
    10
    ·
    1 year ago

    Well, fuck. This was the ONE social media site that I put my data on, and that was out of necessity (job hunting). I know it’s not the same, but this sort of feels like the Equifax breach.

    • mriormro@lemmy.world
      link
      fedilink
      English
      arrow-up
      49
      arrow-down
      1
      ·
      1 year ago

      I stopped using LinkedIn several years ago when it was turning into some hideous social media thing rather than just a place to keep an updated cv. I took a look at it six or so months ago and Jesus Christ, what the fuck happened?

      It appears to now just be filled with people desperately trying to convince other people that they’re an expert when in reality they’re just talking to themselves and no one’s really listening.

      • half_fiction@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        14
        arrow-down
        2
        ·
        edit-2
        1 year ago

        It’s so stupid, but definitely can be helpful professionally to maintain a profile there. Depends on your experience and what field you’re in, of course, but recruiters seem to use it a fair amount.

        Definitely don’t use it for the garbage social media aspect (it’s like some weird crowd-sourced Chicken Soup for the Soul shit??) However, I’ve been convinced of its utility after getting a new job through a recruiter there without even looking. The process was sooo easy compared to applying for jobs the traditional way. Icing on the cake was that it came with a 50% raise and was for a position I would never have applied for on my own but I love it. Maybe it was lightning in a bottle, but I figure doesn’t hurt to keep up a page just in case another good opportunity comes along. If nothing else, the recruiters I hear from give me a sense of how hot the market is and what kind of jobs my profile is pinging me for in case I want to make tweaks.

        • mriormro@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          For sure, there’s definitely utility to having one. I just got fed up with constantly getting pinged by recruiters that were clearly bots as well as all of the @ mentioning on said ‘chicken soup for the soul’ bullshit posts.

          • half_fiction@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Oh god yeah, I feel that. I’d have a harder time keeping mine up if my colleagues were actually attempting to engage with me on it haha.

      • Touching_Grass@lemmy.world
        link
        fedilink
        English
        arrow-up
        9
        ·
        edit-2
        1 year ago

        Its all HR people constantly job hunting by sharing the equivalent of those “hang in there” wall posters from the 90s and adding a paragraph about what it takes to make it in the workforce.

        Ill make one of these bullshit posts now.

        Suggested:

        In school my old teacher Mr. Gerry would perform the elephant toothpaste experiment. This got me thinking. The glass beaker is like the job market and the chemicals mixed together is like your marketable skills that grow to fill the needs of the job market. In my 16 years as a human asset coordinator I’ve come across many difficulties that required shifts in how I approached the job market. Be like the elephants toothpaste and explode into the market beeeeyaaaaa

      • Phoenixz@lemmy.ca
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        And everyone is a *manager or “executive of”. Even a McDonalds burger flipper is “executive in charge of protein rotation”

      • lemmyvore@feddit.nl
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        It still works as intended if you ignore all that and keep your head down. I get a fair amount of relevant offers and I got rather nice jobs through it over the last 15 years.

    • MudMan@kbin.social
      link
      fedilink
      arrow-up
      44
      arrow-down
      1
      ·
      1 year ago

      If it’s any consolation, LinkedIn is notoriously terrible at this, so your data was probably out there as early as 2016 and almost certainly after 2021, when they managed to get hit with similar breaches twice in the same year.

    • Wothe@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      16
      arrow-down
      4
      ·
      edit-2
      1 year ago

      And we share real background information, very specific details. This could lead them to our friends and colleagues!

      But I’m not sure it can be called social media, though, but if you are looking for social media platforms that can avoids data leaks, and don’t ask for your personal info when register, WireMin and Damus are both good choices.

      Speaking of which, we should have a version of LinkedIn that is decentralized!

      • Corkyskog
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        2
        ·
        edit-2
        1 year ago

        linked in that is decentralized

        Now you shut your damn mouth, let’s just let Linked In die like it was always supposed to. It’s not some sort of positive networking platform, it’s just a platform that reinforces the old boys club, with some cringey posts from people who are trying to hard.

    • /home/pineapplelover@lemm.ee
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      1
      ·
      1 year ago

      Yeah it’s the only public social media I have with any personal information. If it leaks I’m fine with that because I use VPN and even have my email alias on there.

    • OsrsNeedsF2P@lemmy.ml
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      LinkedIn sells the info themselves, they don’t let the general public easily scrape/access it

  • Daft_ish@lemmy.world
    link
    fedilink
    English
    arrow-up
    31
    ·
    edit-2
    1 year ago

    Figures. The only way to get someone interested in my linkedin account is for them to steal the data.

    Let me know if you see anything you like. I didn’t put it on there but I’m also proficient in bocce ball

    • uranibaba@lemmy.world
      link
      fedilink
      English
      arrow-up
      13
      ·
      1 year ago

      I have a set it up so that any email sent to unknown users on my domain gets redirected to email. If you send an email to bad_address@example.com and my real email is uranibaba@example.com, I will still receive the email.

      Now this is great because I will just use name_of_service@example.com and still get the email. If the email is leaked, I will know where it came from.

      • elscallr@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        Owning your own domain is great that way. Even makes the little bit I pay to ProtonMail well worth it. There are a few addresses I have dedicated, like my [email protected], me@, and my-name@, but the rest just go to a catch all. It’s fantastic.

        • uranibaba@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          My mail is hosted by my domain host but I am considering switching to Proton. Have you done such a move?

          • Illiterate Domine@infosec.pub
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I made that move and had no issues. You can copy/paste your way through DNS setup and the rest is just configuring your proton account how you want.

            You’ll want to be familiar with proton and some of the tradeoffs in its privacy model, but it’s most likely more feature-full than a hosting provider. Dreamhost, for one, is quite basic.

      • Cosmic Cleric@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        1 year ago

        Be careful, my domain got on a whole bunch of ISP’s spam lists because I had done the same thing.

        They really don’t like open domain email working.

        • Styxia@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          That’s annoying! It’s not been my experience, out of curiosity do you have any theories why your domain/aliases got blocked?

          • Cosmic Cleric@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            1 year ago

            out of curiosity do you have any theories why your domain/aliases got blocked?

            For my domain it was put on a spam list that various ISPs use.

            When I spoke with one ISP they said it’s because I had an open email address situation going, where a spammer can send a spam email out to a third party and on the reply address to they can make up anything as an email address for my domain name and it would be ‘valid’ because my domain email server was set up to receive all emails that you described.

            And because of that I got put on a global spam list which many ISPs use. At the time I didn’t even know about my domain being on the list, I just noticed a big drop in emails I was receiving.

            FYI this happened over a decade ago, so I do not know if that is the current practice today. But better to make sure any email addresses to your domain that is not valid does not go through. No “catch all” bucket situation.

            • chaospatterns@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              1 year ago

              That’s not because you have a wildcard. That’s because you need to implement DKIM, DMARC, and SPF records to prevent others from using your domain name to send mail.

              MTAs use those standards to verify if somebody is permitted to send email for your domain. If you don’t have those set then you can get what that ISP described.

              • Cosmic Cleric@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                1
                ·
                1 year ago

                That’s because you need to implement DKIM, DMARC, and SPF records to prevent others from using your domain name to send mail.

                Well I used a third party service to host my domain, and as far as I can remember (like I said this was over a decade ago, maybe almost two decades), everything was set up correctly at that time.

                Not trying to dispute what you said, but I can at least speak towards that as far as we knew at the time we had the domain set up correctly on our end, the stuff we could control.

                The only thing is we had a catch-all bucket setting turned on for emails to be forwarded to an internal email address of our domain.

                • bane_killgrind@lemmy.ml
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  1 year ago

                  There has never been a correct way to deploy these services, just increasingly complex, featurefull, and or secure ways to do it

    • Veloxization@yiffit.net
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      I ended up just disabling the alias I use to receive emails from LinkedIn. Since I noticed I just kept deleting those emails without ever reading them, I figured I’d just opt to not receive any emails. :D

  • mot@lemmy.world
    link
    fedilink
    English
    arrow-up
    25
    ·
    1 year ago

    According to Troy Hunt this alleged leak is mostly from older leaks and fake data:

    “this data is a combination of information sourced from public LinkedIn profiles, fabricated emails address and in part (anecdotally based on simply eyeballing the data this is a small part), the other sources in the column headings above. But the people are real, the companies are real, the domains are real and in many cases, the email addresses themselves are real”

    Source: https://www.troyhunt.com/hackers-scrapers-fakers-whats-really-inside-the-latest-linkedin-dataset/

  • RidcullyTheBrown@lemmy.world
    link
    fedilink
    English
    arrow-up
    28
    arrow-down
    4
    ·
    1 year ago

    That would explain the targeted scams I’ve been subjected to which seem to have been coming from old colleagues

    • Endorkend@kbin.social
      link
      fedilink
      arrow-up
      9
      arrow-down
      5
      ·
      1 year ago

      Now I know why I’m getting scam mails on the email address that I never use online and scam phonecalls on the phone number I never use online, except for LinkedIn.

  • Cosmic Cleric@lemmy.world
    link
    fedilink
    English
    arrow-up
    23
    arrow-down
    1
    ·
    1 year ago

    The jokes on LinkedIn. T-Mobile already has my social security number, birth date, and other important information on the dark web, thanks to their security breach.

      • Inept@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Don’t forget the OPM hack in 2014, also assuming you’re in the USA and received a military/government background check.

      • Cosmic Cleric@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        Don’t forget Equifax, assuming you are in the USA

        I mentioned T-Mobile because I had gotten notification from AAA/ProtectMyID service that I was signed up for free after one of their breaches, that my information from the T-Mobile incident what was on the dark web. The scan service specifically mentioned T-Mobile.

        But yeah you’re right, I knew also that Equifax had problems as well.

  • spudwart@spudwart.com
    link
    fedilink
    English
    arrow-up
    26
    arrow-down
    8
    ·
    1 year ago

    Was surprised at first, then I went to go log in to change my password.

    And then it said I was emailed a 2FA code… the code was part of the email header.

    Now I’m completely unsurprised this happened.

    • kungen@feddit.nu
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      1
      ·
      1 year ago

      I’m not sure what you’re implying here regarding headers? Email is insecure regardless; even when using SMTP with TLS, it’s not like the headers are exposed whereas the body would be encrypted or something.

        • kungen@feddit.nu
          link
          fedilink
          English
          arrow-up
          7
          ·
          1 year ago

          well with PGP, the header is unencrypted

          Is there a single large company that even sends PGP email?

          logging into example.com with the user’s email and that 2fa code is going to be a breeze

          Sure, IF 1. you already have the user’s password, and 2. a new code wouldn’t be required/the previous code invalidated when initiating a new login session?

          Like, I’m not saying that 2FA codes via email is secure, but you’re implying that they are making a security hole via this - which I don’t see.

            • brothershamus@kbin.social
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              I used it. For about 10 minutes. Then I read the help files. Then I searched. Then I used it some more. Then I uninstalled it.

          • locuester@lemmy.zip
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            1 year ago

            Yeah not following the logic. 2FA via email is insecure. Doesn’t matter where in the email. That person is confused about something.

    • corsicanguppy@lemmy.ca
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      3
      ·
      1 year ago

      the code was part of the

      … part of the Subject header in the encrypted body of the message, you mean? What a nothing-burger.

  • NeoNachtwaechter@lemmy.world
    link
    fedilink
    English
    arrow-up
    16
    arrow-down
    1
    ·
    1 year ago

    So glad that I did NOT simply close my account there, but instead I changed every single piece of personal data to some meaningless xyz123 before I finally closed it.

  • TWeaK@lemm.ee
    link
    fedilink
    English
    arrow-up
    15
    ·
    1 year ago

    Slightly refreshing from them selling your email to spammers as soon as you signed up.