13 votes

LinkedIn breach reportedly exposes data of 92% of users, including inferred salaries

6 comments

  1. FishFingus
    This makes me glad I didn't "Get on LinkedIn, everybody's on LinkedIn!" whenever some hiring goblin would bring it up. Not unless I'm forced to.

    6 votes
  2. vektor
    This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed.

    No private data, I beg your pardon? Maybe someone who's not as casual a user as me can weigh in, but the data revealed doesn't sound to me like it would be publicly visible. Most of it seems like the public parts of a profile, but some of it decidedly doesn't. Email/Phone? Inferred salary and experience?

    4 votes
    1. rogue_cricket
      I agree with you, this is for sure data that people did not think would be exposed and it's very bizarre of them to say it's not private. I've had to watch enough data security slideshows to know that at least in my country, this meets the legal definition of personally identifiable data, which should be kept secure.

      The only way I can interpret this is them saying that the data was scraped from a bad API, rather than taken directly from the bare servers by compromising a LinkedIn dev account or a database exploit or something. Even then it's a really weaselly way of putting it.

      6 votes
      1. vektor
        I've had to watch enough data security slideshows to know that at least in my country, this meets the legal definition of personally identifiable data, which should be kept secure.

        I can already see the argument that "none of this information is expected to be kept secure, we're a social networking site, so of course we publish the PII you hand us." Which holds true to a degree, for e.g. your screen name, profile picture, location, employer. But some of it really isn't that.

        Of course it's weaselly. Instead of leaving the key in the lock or losing it, they didn't install a damn lock. So it's "not a breach" because no security measures were breached. Which is, ya know, "technically correct" and all that snark, but it's something. Gives me hope at least my password wasn't compromised. Still shitty data protection.

        2 votes
    2. skybrian
      I think we are missing answers to some basic questions about how LinkedIn works, like what is inferred salary and who normally sees it? What data do recruiters have access to?

      2 votes
  3. tomf
    According to the person who scooped it all, 'there is no vuln , its just crawling trough(sic) api'

    There's also another individual who is scamming the scammers in that thread, which is kind of funny but still awful.. I think. I'm not sure what I think about that last part.

    2 votes