Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Privacy Security

Man Behind LinkedIn Scraping Said He Grabbed 700 Million Profiles 'For Fun' (9to5mac.com) 27

The man behind last month's scraping of LinkedIn data, which exposed the location, phone numbers, and inferred salaries of 700 million users, says that he did it "for fun" -- though he is also selling the data. 9to5Mac reports: BBC News spoke with the man who took the data, under the name Tom Liner: "How would you feel if all your information was catalogued by a hacker and put into a monster spreadsheet with millions of entries, to be sold online to the highest paying cyber-criminal? That's what a hacker calling himself Tom Liner did last month 'for fun' when he compiled a database of 700 million LinkedIn users from all over the world, which he is selling for around $5,000 [...]. In the case of Mr Liner, his latest exploit was announced at 08:57 BST in a post on a notorious hacking forum [...] 'Hi, I have 700 million 2021 LinkedIn records,' he wrote. Included in the post was a link to a sample of a million records and an invite for other hackers to contact him privately and make him offers for his database."

Liner says he was also behind the scraping of 533 million Facebook profiles back in April (you can check whether your data was grabbed): "Tom told me he created the 700 million LinkedIn database using 'almost the exact same technique' that he used to create the Facebook list. He said: 'It took me several months to do. It was very complex. I had to hack the API of LinkedIn. If you do too many requests for user data in one time then the system will permanently ban you.'"

This discussion has been archived. No new comments can be posted.

Man Behind LinkedIn Scraping Said He Grabbed 700 Million Profiles 'For Fun'

Comments Filter:
  • by WindBourne ( 631190 ) on Monday July 19, 2021 @06:30PM (#61599213) Journal
    Simple as that. The fact that it is public, means that it gets to be used however somebody else chooses. NOBODY has the right to grip about that.
    With that said, companies like Facebook, Microsoft, Apple, etc that takes data that was supposed to be private and moves it into public space, that is another issue.
    • I agree that the data is not protected by being put on a public site per-se, but if everyone signs the same agreement to not scrape the data, then there is a kind of legal form of protection. If you agree to not expose general user data en masse, then in a sense, you might reasonably expect that the data you provide would be limited to one off searchers, which are looking for that specific data.

      I get that EULA General Law Computer Code in degree of enforcement, but I don't think just because there is lim

    • Agreed, my name is the only semi accurate thing in the entire profile to be honest (it is truncated as well) so have at it I say! Garbage in is garbage out.
  • by Mononymous ( 6156676 ) on Monday July 19, 2021 @06:42PM (#61599229)

    How would you feel if all your information was catalogued by a hacker and put into a monster spreadsheet with millions of entries, to be sold online to the highest paying cyber-criminal?

    All your information? Why'd you put that on a public website? Whatever you put on there is searchable and scrapeable. Didn't you know that when you signed up?
    I use Facebook, but it doesn't really have that much about me. They know I like Weird Al Yankovic, but they don't have my phone number.

    • These websites asked for the data and promised to protect it.
      They then proceeded to make the data available to everyone.

      If anyone should get in trouble for these "hacks", it's LinkedIn and Facebook for failing to protect their users data.

      • I'm not sure you really understand LinkedIn. I have my name, contact info, and resume/CV on LinkedIn, which I'm happy to share with the world at large. That's how recruiters find me to offer me jobs. There's no information to protect, except for the benefit of LinkedIn. I put my information into LinkedIn with the *expectation* that it will be made public.

        As far as "Inferred salary", that's otherwise known as a "stats-based wild-ass guess". LinkedIn has no idea how much I earn. What they probably do know is how much people with similar jobs and levels of experience earn. Big whoop.

      • by rtb61 ( 674572 )

        They asked for the data, you are meant to secure it and say NO. That is how you secure your data. You gave it away, for plastic beads, your private life, who you are, how you can be targeted and manipulated, you did not give away your data, you gave away control of yourself, your family and some of you morons your children.

        The children are the worst off, their children's privacy for life, sold for some plastic beads, what disgusting parents. Their children data mined, the corporations, knowing more about t

        • The children are the worst off, their children's privacy for life, sold for some plastic beads, what disgusting parents. Their children data mined, the corporations, knowing more about the psychology of that child than the child does. How they can be targeted, how they can be manipulated for life, their parents sold access to their children for fucking convenience, some really rotten parenting right there, selling their children's mind for convenience for themselves, sick as fuck.

          People put their children on LinkedIn?

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      They know I like Weird Al Yankovic, but they don't have my phone number.

      That you think they don't have your phone number is adorable. This hinges on none of your contacts having done a bulk import of friends/contacts, ever.

    • Facebook, LinkedIn et al almost certainly know your name and phone number even if you havenâ(TM)t created an account.

      Out of the 1000 odd people in my address book, I would venture that 900 couldnâ(TM)t care less about their own privacy leave alone mine and when FB asks to upload their contacts, they blissfully click on âoeyes.â

    • What do you mean "highest paying?"

      The wonderful thing about digital information is that after you sell it, you still have it. You can sell it over and over and over.

      that actually brings up an interesting optimization problem; do you maximize your profits by selling it as the offers come in, or do you charge a premium to the first buyer for a week of exclusive access, and then start selling to others, maybe one more every few days lowering the price as you go and the data gets stale?

    • by Anonymous Coward

      Your sound bite honestly sounds like the description for credit cards, or any of the other millions of databases I exist in.

      The only saving grace being they mostly compete amongst themselves, that my entries are shared but just among allies and mergers and buyers, that the entire system is largely chaotic and discordant, that data analysts have more than they know what to do with.

      On a more "benign" side, you can imagine the ten thousand invisible dominos that tick when you cause insurance to pay for a bit o

    • Use of "all information" is a straw man argument. No one ever puts all info anywhere. Not enough time in life to accumulate info if you spend time sharing. As to real proposal; perfectly alright with me if someone displays the info I have shared, simply because I recognize that any info I put on someone else's database without stringent protections is basically making it public. Could even this info pose a danger? Sure, that is why I am armed. Anyone attempting to use such info to track me down (like
    • I already have access to a few hundred LinkedIN profiles that I don't read and don't care about. I certainly can't imagine wanting access to any more.
  • And don't feel bad about it.

  • fun (Score:4, Funny)

    by algaeman ( 600564 ) on Monday July 19, 2021 @07:08PM (#61599267)
    If you enjoy what you do, you'll never work a day in your life. Especially after you are convicted and imprisoned.
    • Well, now, that is a bit cynical. Funny, tho. Points. AS to the doof that stole the data, how is that different from the fun derived by a similar doof who vandalizes a building wall with his impression of art? Both seize something made by others. Both manipulate to their own purposes what they have "stolen". And, both had fun. That neither considers the feelings or real impact upon others, especially the creators, is irrelevant to them. I think that is either called psychopath or sociopath, too earl
  • by rmdingler ( 1955220 ) on Monday July 19, 2021 @07:13PM (#61599275) Journal

    I have some things around the outer circumference of my property, outside the fence proper but still on the land I can keep as long as I can make the property taxes.

    These things mean relatively little to me, but if they meANT more, I'd have them ensconced behind the fence, closer to or inside a shed, or the house, arbitrarily on the value scale I ascribe them.

    Things often disappear from the outermost regions of the dingdom, yet that is ironically the first layer of security. You just divert the adhd cat's attention and oftentimes he doesn't have the time capital to spend pillaging deeper into your humble castle.

  • ...under the name Tom Liner

    Come on, you were so close to greatness!

    Two possibilities you just missed by a whisker:

    Head Liner

    OR

    Tom Petty Theft

  • This is public data, put up by people themselves for the express purpose of the entire world seeing it. This is not "hacking" by any stretch of the meaning.
    • The API is designed not to cough up the data easily. He worked around the API in order to get the data. Manipulating the system to do something it's not designed to do for your benefit is the definition of hacking.

      It's not cracking.

  • You name, address and phone number catalogued in a database for the public to search? Imagine if they printed it in a giant book and dropped a copy on everyone's door! Humanity itself may implode.

    Seriously though people put this information on LinkedIn for what? Thinking it's their private cloud? Because they have no post-its to write down their telephone number? No, so others can contact them. They should be thankful that someone is spreading the good word.

  • How would you feel if all your information was catalogued by a hacker and put into a monster spreadsheet with millions of entries

    This is how I feel about LinkedIn when it imports my contact information from other people using their service.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...