this post was submitted on 08 Nov 2023
565 points (89.8% liked)

Technology

59982 readers
3936 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

The same threat actor has leaked larger amounts of data from LinkedIn dated 2023. They claim this new data contains 35M lines and is 12 GB uncompressed.

you are viewing a single comment's thread
view the rest of the comments
[–] jungle 4 points 1 year ago (1 children)

Thanks, it's rare to find a well thought out answer in here like yours.

I agree that LinkedIn always did shady things to increase their user base. They used dark patterns to get access to your address book even as they got constant criticism for that, both externally and internally. One of their top product managers was actually proud of that, and said that they would have done more if possible.

But I very much doubt they actually sold their customer's emails at any point. They have always been very protective of their customer's data, fighting scrapers and limiting APIs. There's no upside to selling your customers info. You're undermining your own business by doing so.

[–] [email protected] 2 points 1 year ago (1 children)

and said that they would have done more if possible.

This there is the MO I was talking about.

I can't conclusively say whether or not LinkedIn intentionally sold my email, or whether they were just infected at the time. However, I feel like the former is at least as feasible, and even if it was the latter it's still reprehensible of them to be so lax in their security. Like I say, I've only experienced 2 websites that did that, and I've made up countless emails going on for years before then.

[–] jungle 1 points 1 year ago* (last edited 1 year ago)

They don't have lax security. They use industry standard measures, including encryption in transit and at rest, salted passwords (they were caught without salt over a decade ago and fixed it), internal training on security, phishing simulations, the works. Your data is their business, they don't want to lose it.