this post was submitted on 08 Nov 2023
564 points (89.8% liked)

Technology

59166 readers
2122 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

The same threat actor has leaked larger amounts of data from LinkedIn dated 2023. They claim this new data contains 35M lines and is 12 GB uncompressed.

top 50 comments
sorted by: hot top controversial new old
[–] jherazob@kbin.social 236 points 1 year ago (1 children)
[–] DudeDudenson@lemmings.world 49 points 1 year ago

Yeah but that doesn't get the clicks!!!!11one!

[–] Agility0971@lemmy.world 93 points 1 year ago

It says it's scraped and not leaked

[–] DirkMcCallahan@lemmy.world 78 points 1 year ago (5 children)

Well, fuck. This was the ONE social media site that I put my data on, and that was out of necessity (job hunting). I know it's not the same, but this sort of feels like the Equifax breach.

[–] mriormro@lemmy.world 53 points 1 year ago (4 children)

I stopped using LinkedIn several years ago when it was turning into some hideous social media thing rather than just a place to keep an updated cv. I took a look at it six or so months ago and Jesus Christ, what the fuck happened?

It appears to now just be filled with people desperately trying to convince other people that they're an expert when in reality they're just talking to themselves and no one's really listening.

[–] half_fiction@lemmy.dbzer0.com 13 points 1 year ago* (last edited 1 year ago) (2 children)

It's so stupid, but definitely can be helpful professionally to maintain a profile there. Depends on your experience and what field you're in, of course, but recruiters seem to use it a fair amount.

Definitely don't use it for the garbage social media aspect (it's like some weird crowd-sourced Chicken Soup for the Soul shit??) However, I've been convinced of its utility after getting a new job through a recruiter there without even looking. The process was sooo easy compared to applying for jobs the traditional way. Icing on the cake was that it came with a 50% raise and was for a position I would never have applied for on my own but I love it. Maybe it was lightning in a bottle, but I figure doesn't hurt to keep up a page just in case another good opportunity comes along. If nothing else, the recruiters I hear from give me a sense of how hot the market is and what kind of jobs my profile is pinging me for in case I want to make tweaks.

load more comments (2 replies)
[–] Touching_Grass@lemmy.world 8 points 1 year ago* (last edited 1 year ago)

Its all HR people constantly job hunting by sharing the equivalent of those "hang in there" wall posters from the 90s and adding a paragraph about what it takes to make it in the workforce.

Ill make one of these bullshit posts now.

Suggested:

In school my old teacher Mr. Gerry would perform the elephant toothpaste experiment. This got me thinking. The glass beaker is like the job market and the chemicals mixed together is like your marketable skills that grow to fill the needs of the job market. In my 16 years as a human asset coordinator I've come across many difficulties that required shifts in how I approached the job market. Be like the elephants toothpaste and explode into the market beeeeyaaaaa

load more comments (2 replies)
[–] MudMan@kbin.social 46 points 1 year ago (1 children)

If it's any consolation, LinkedIn is notoriously terrible at this, so your data was probably out there as early as 2016 and almost certainly after 2021, when they managed to get hit with similar breaches twice in the same year.

load more comments (1 replies)
[–] FangedWyvern42@lemmy.world 13 points 1 year ago* (last edited 1 year ago)

It’s not an actual leak. It’s mostly scraped data and fake addresses.

[–] woshang@lemmy.world 13 points 1 year ago* (last edited 1 year ago) (2 children)

And we share real background information, very specific details. This could lead them to our friends and colleagues!

But I'm not sure it can be called social media, though, but if you are looking for social media platforms that can avoids data leaks, and don't ask for your personal info when register, WireMin and Damus are both good choices.

Speaking of which, we should have a version of LinkedIn that is decentralized!

[–] Corkyskog@sh.itjust.works 6 points 1 year ago* (last edited 1 year ago)

linked in that is decentralized

Now you shut your damn mouth, let's just let Linked In die like it was always supposed to. It's not some sort of positive networking platform, it's just a platform that reinforces the old boys club, with some cringey posts from people who are trying to hard.

load more comments (1 replies)
[–] ShittyBeatlesFCPres@lemmy.world 55 points 1 year ago (2 children)

What private info is on LinkedIn? I thought the whole point was to make your resume public and get found by employers.

[–] pineapplelover@lemm.ee 9 points 1 year ago

Yeah it's the only public social media I have with any personal information. If it leaks I'm fine with that because I use VPN and even have my email alias on there.

load more comments (1 replies)
[–] ExLisper@linux.community 45 points 1 year ago (1 children)

Can someone check if my password is there? It's 'dupa.7'. Thanks.

[–] uranibaba@lemmy.world 32 points 1 year ago (1 children)

dupa.7

https://haveibeenpwned.com/Passwords confirms that is has been hacked 11 times.

[–] ExLisper@linux.community 69 points 1 year ago (3 children)

Ok, changed to 'dupa.8'. Thanks.

[–] TheGreenGolem@lemm.ee 20 points 1 year ago (1 children)

Or the most secure one: hunter2

[–] Car@lemmy.dbzer0.com 26 points 1 year ago (1 children)

What's that? All I see is *******

[–] Mossheart@lemmy.ca 10 points 1 year ago (1 children)

I see Lemmy has implemented Reddit's security settings. Impressive.

[–] Akasazh@feddit.nl 7 points 1 year ago

~~Reddit~~

IRC ftfy

[–] elscallr@lemmy.world 18 points 1 year ago

s e c u r i t y

[–] SendMePhotos@lemmy.world 6 points 1 year ago

This password has been seen 2,265 times before

[–] figaro@lemdro.id 42 points 1 year ago (1 children)

I'm excited for my class action award of $3

[–] Daft_ish@lemmy.world 41 points 1 year ago* (last edited 1 year ago) (1 children)

Figures. The only way to get someone interested in my linkedin account is for them to steal the data.

Let me know if you see anything you like. I didn't put it on there but I'm also proficient in bocce ball

load more comments (1 replies)
[–] CosmicCleric@lemmy.world 34 points 1 year ago (1 children)

The jokes on LinkedIn. T-Mobile already has my social security number, birth date, and other important information on the dark web, thanks to their security breach.

[–] Skwerls@discuss.tchncs.de 13 points 1 year ago (3 children)

Don't forget Equifax, assuming you are in the USA

load more comments (3 replies)
[–] TWeaK@lemm.ee 30 points 1 year ago (9 children)

Slightly refreshing from them selling your email to spammers as soon as you signed up.

load more comments (9 replies)
[–] mot@lemmy.world 29 points 1 year ago

According to Troy Hunt this alleged leak is mostly from older leaks and fake data:

"this data is a combination of information sourced from public LinkedIn profiles, fabricated emails address and in part (anecdotally based on simply eyeballing the data this is a small part), the other sources in the column headings above. But the people are real, the companies are real, the domains are real and in many cases, the email addresses themselves are real"

Source: https://www.troyhunt.com/hackers-scrapers-fakers-whats-really-inside-the-latest-linkedin-dataset/

[–] Captain_Patchy@lemmy.world 29 points 1 year ago (2 children)

Again and again and again and again. I get more spam on my linkedin email address than I do on any other.

[–] uranibaba@lemmy.world 13 points 1 year ago (11 children)

I have a set it up so that any email sent to unknown users on my domain gets redirected to email. If you send an email to bad_address@example.com and my real email is uranibaba@example.com, I will still receive the email.

Now this is great because I will just use name_of_service@example.com and still get the email. If the email is leaked, I will know where it came from.

load more comments (11 replies)
load more comments (1 replies)
[–] RidcullyTheBrown@lemmy.world 25 points 1 year ago (1 children)

That would explain the targeted scams I've been subjected to which seem to have been coming from old colleagues

load more comments (1 replies)
[–] AgentGrimstone@lemmy.world 24 points 1 year ago

Gadammit, my linkedin uses my clean email account. Linkedin security, do better!

[–] NeoNachtwaechter@lemmy.world 16 points 1 year ago (1 children)

So glad that I did NOT simply close my account there, but instead I changed every single piece of personal data to some meaningless xyz123 before I finally closed it.

[–] Potatisen@lemmy.world 6 points 1 year ago (1 children)

Your old info is still backed up there

load more comments (1 replies)
[–] spudwart@spudwart.com 11 points 1 year ago (2 children)

Was surprised at first, then I went to go log in to change my password.

And then it said I was emailed a 2FA code... the code was part of the email header.

Now I'm completely unsurprised this happened.

[–] kungen@feddit.nu 20 points 1 year ago (6 children)

I'm not sure what you're implying here regarding headers? Email is insecure regardless; even when using SMTP with TLS, it's not like the headers are exposed whereas the body would be encrypted or something.

load more comments (6 replies)
[–] corsicanguppy@lemmy.ca 15 points 1 year ago (1 children)

the code was part of the

... part of the Subject header in the encrypted body of the message, you mean? What a nothing-burger.

[–] jarfil@lemmy.world 6 points 1 year ago

encrypted body of the message

Encrypted what? LinkedIn lets you add a key/cert to send you encrypted emails?

[–] DrM@feddit.de 11 points 1 year ago (3 children)

That's why today I got an email from a headhunter that used Data from my LinkedIn profile. Fuck this.

[–] funkless_eck@sh.itjust.works 7 points 1 year ago

no because they probably paid a couple of hundred bucks to email you from one of the many data banks that source their information from LinkedIn.

load more comments (2 replies)
[–] cestvrai@lemm.ee 8 points 1 year ago (1 children)

Doesn’t sound like anything that hasn’t already been leaked elsewhere, boring 🥱

[–] HubertManne@kbin.social 10 points 1 year ago

Not to mention its on my resume so its pretty available.

[–] earmuff@lemmy.dbzer0.com 7 points 1 year ago (1 children)

Anyone got an onion url to that forum? Asking for a friend.

[–] iAmNotorious@lemmy.world 6 points 1 year ago

It’s just BreachForums. Pretty sure the whole site is a honey pot.

[–] nero@lemmy.world 6 points 1 year ago* (last edited 1 year ago) (3 children)

Great timing, started using linkedin like 2 weeks ago😅

load more comments (3 replies)
load more comments
view more: next ›