13 votes

LinkedIn breach reportedly exposes data of 92% of users, including inferred salaries

7 comments

  1. [2]
    FishFingus
    Link
    This makes me glad I didn't "Get on LinkedIn, everybody's on LinkedIn!" whenever some hiring goblin would bring it up. Not unless I'm forced to.

    This makes me glad I didn't "Get on LinkedIn, everybody's on LinkedIn!" whenever some hiring goblin would bring it up. Not unless I'm forced to.

    6 votes
    1. Keegan
      Link Parent
      As someone who got their summer internship (virtual) this summer via LinkedIn, I hate using it as a social site and the “influencer” culture on there, but for purely job searching it does well...

      As someone who got their summer internship (virtual) this summer via LinkedIn, I hate using it as a social site and the “influencer” culture on there, but for purely job searching it does well enough, since there’s plenty of people on it.

      2 votes
  2. [4]
    vektor
    Link
    No private data, I beg your pardon? Maybe someone who's not as casual an user as me can weigh in, but the data revealed doesn't sound to me like it would be publicly visible. Most of it seems like...

    This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed.

    No private data, I beg your pardon? Maybe someone who's not as casual an user as me can weigh in, but the data revealed doesn't sound to me like it would be publicly visible. Most of it seems like the public parts of a profile, but some of it decidedly doesn't. Email/Phone? Inferred salary and experience?

    4 votes
    1. [2]
      rogue_cricket
      Link Parent
      I agree with you, this is for sure data that people did not think would be exposed and it's very bizarre of them to say it's not private. I've had to watch enough data security slideshows to know...

      I agree with you, this is for sure data that people did not think would be exposed and it's very bizarre of them to say it's not private. I've had to watch enough data security slideshows to know that at least in my country, this meets the legal definition of personally identifiable data, which should be kept secure.

      The only way I can interpret this is them saying that the data was scraped from a bad API, rather than taken directly from the bare servers by compromising a LinkedIn dev account or a database exploit or something. Even then it's a really weaselly way of putting it.

      6 votes
      1. vektor
        Link Parent
        I can already see the argument that "none of this information is expected to be kept secure, we're a social networking site, so of course we publish the PII you hand us." Which holds true to a...

        I've had to watch enough data security slideshows to know that at least in my country, this meets the legal definition of personally identifiable data, which should be kept secure.

        I can already see the argument that "none of this information is expected to be kept secure, we're a social networking site, so of course we publish the PII you hand us." Which holds true to a degree, for e.g. your screen name, profile picture, location, employer. But some of it really isn't that.

        Of course it's weaselly. Instead of leaving the key in the lock or losing it, they didn't install a damn lock. So it's "not a breach" because no security measures were breached. Which is, ya know, "technically correct" and all that snark, but it's something. Gives me hope at least my password wasn't compromised. Still shitty data protection.

        2 votes
    2. skybrian
      Link Parent
      I think we are missing answers to some basic questions about how LinkedIn works, like what is inferred salary and who normally sees it? What data do recruiters have access to?

      I think we are missing answers to some basic questions about how LinkedIn works, like what is inferred salary and who normally sees it? What data do recruiters have access to?

      2 votes
  3. tomf
    Link
    According to the person who scooped it all, 'there is no vuln , its just crawling trough(sic) api' There's also another individual who is scamming the scammers in that thread, which is kind of...

    According to the person who scooped it all, 'there is no vuln , its just crawling trough(sic) api'

    There's also another individual who is scamming the scammers in that thread, which is kind of funny but still awful.. I think. I'm not sure what I think about that last part.

    2 votes