Privacy Technology

Hackers Leak LinkedIn 700 Million Data Scrape (therecord.media)

A collection containing data about more than 700 million users, believed to have been scraped from LinkedIn, was leaked online this week after hackers previously tried to sell it earlier this year in June. From a report: The collection, obtained by The Record from a source, is currently being shared in private Telegram channels in the form of a torrent file containing approximately 187 GB of archived data. The Record analyzed files from this collection and found the data to be authentic, with data points such as: LinkedIn profile names, LinkedIn ID, LinkedIn profile URL, location information (town, city, country), and email addresses. While the vast majority of the data points contained in the leak are already public information and pose no threat to LinkedIn users, the leak also contains email addresses that are not normally viewable to the public on the official LinkedIn site.
  • Am I misunderstanding this or is this just scraped data that anyone would be able to access from LinkedIn should they have simple browsing skills?

    • Re: (Score:3, Informative)

      by ytene ( 4376651 )
      The article seems to be hedging its bets on that question. In the detail, it notes that the dump includes email addresses, information that is not publicly available - and which therefore could not be scraped - but it goes on to concede that it is possible that the thieves could have added email addresses by merging two or more data sets.

      So for LinkedIn’s claims to be true, someone would have had to scrape the public data and then find a good matching source with enough data points to reliably matc
      • by aitikin ( 909209 )

        Thank you!

        I thought email addresses were something that was codified into LinkedIn pages. Obviously it's been an incredibly long time since I've been on mine. I wonder what info they have on me on that.

      • it is possible that the thieves could have added email addresses by merging two or more data sets.

        That should be easy to check.

        Some people use unique emails for each account.

        Many people have multiple email addresses.

        So another dataset would contain many mismatches.

      • or they did a public scrape and then somehow got a good overlap with a.n.other random source of data that included correct email addresses?

        I think that's probably exactly what happened.

        I'd guess that these people are not unfamiliar with scrapes and dumped databases and whatnot; they probably have a bunch of data sources that they combined and refined.

    • This is why scrapers shouldn't get blocked. They should silently start getting fake data after a certain threshold so the attacker doesn't know what data is good.

      • I love it!

      • This is why scrapers shouldn't get blocked. They should silently start getting fake data after a certain threshold so the attacker doesn't know what data is good.

        I coded something like this into an SMF forum years ago for access of certain areas of the site (like the user list).

        If there were just too many accesses and/or it was too fast to be a human the code would start munging the data. It would alter and transpose numbers, fiddle with the email and street addresses, names, zip code, etc etc.

        It got triggered more than a few times over the years but not a lot, not like it would be today. It would probably go off 50 times a day now.
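The threshold-then-munge idea from the two comments above, as an added sketch (not the commenter's SMF code). The window, limit, record fields and the names `ScrapeGuard`, `munge` and `serve` are assumptions; the fake values are derived from a keyed digest so the same client gets the same wrong record on every fetch and cannot spot the munging by comparing two responses.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque


class ScrapeGuard:
    """Sliding-window counter: flags a client exceeding `limit` hits per `window` seconds."""

    def __init__(self, window=60.0, limit=30, clock=time.monotonic):
        self.window, self.limit, self.clock = window, limit, clock
        self.hits = defaultdict(deque)

    def over_threshold(self, client_id):
        now = self.clock()
        q = self.hits[client_id]
        q.append(now)
        while now - q[0] > self.window:  # drop hits that fell out of the window
            q.popleft()
        return len(q) > self.limit


def munge(record, client_id, secret):
    """Return a plausible but wrong copy of `record`, stable per (client, record)."""
    msg = f"{client_id}|{record['id']}".encode()
    ks = hmac.new(secret, msg, hashlib.sha256).digest()  # 32 keyed bytes
    out = dict(record)
    local, _, domain = record["email"].partition("@")
    i = ks[0] % max(len(local) - 1, 1)
    # Transpose two adjacent characters of the local part.
    out["email"] = local[:i] + local[i + 1:i + 2] + local[i:i + 1] + local[i + 2:] + "@" + domain
    # Shift every digit by a keyed offset of 1..9, so each digit really changes.
    out["zip"] = "".join(
        str((int(c) + ks[1 + n % 31] % 9 + 1) % 10) if c.isdigit() else c
        for n, c in enumerate(record["zip"])
    )
    return out


def serve(guard, record, client_id, secret):
    """Real data below the threshold, silently munged data above it."""
    return munge(record, client_id, secret) if guard.over_threshold(client_id) else record


# Constructed sample record and client address, for illustration only.
SAMPLE = {"id": 7, "email": "alice@example.com", "zip": "90210"}

if __name__ == "__main__":
    guard = ScrapeGuard(window=60, limit=3)
    for n in range(5):
        print(n + 1, serve(guard, SAMPLE, "203.0.113.9", b"demo-only-secret"))
```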

      • So that any attackers, or researchers, or anyone in-between, are drowned in junk data.

        A great policy, but only if your name is LinkedIn. Everyone else gets fucked. Who told you that was a good idea?

  • by mveloso ( 325617 ) on Thursday September 23, 2021 @05:39PM (#61826225)

    Why don't these places ever tell you where the torrent file is?

    I mean WTF are these articles for, anyway?

    • Why don't these places ever tell you where the torrent file is?
      I mean WTF are these articles for, anyway?

      They're for clicks and page views.

  • by TechyImmigrant ( 175943 ) on Thursday September 23, 2021 @05:47PM (#61826239) Homepage Journal

    Does this mean I'll start getting spam? I've never seen spam in my email before.

    • by ytene ( 4376651 )
      One of the more fun/interesting conversations you can have is with a company that has leaked your email and then tries to deny it. Their go-to response when challenged is almost always, “You must have given your email address out to someone else”

      But suppose you’re a bit smarter than that and reply with: “OK, then riddle me this. Every time I’m asked for an email address by a web site, I go to Hotmail and I set up a brand new, dedicated account just for that site. I have a
      • It does require you to be a bit disciplined but most of us use a mail client on devices like a smartphone or tablet, so having half-a-dozen or more email addresses is really no burden - set it and forget it.

        Set them up as forwarders to the main inbox. Don't make this harder on yourself than it has to be. Then turn off an address if it gets compromised.

      • Register a gmail address. Then sign up with:
        +@gmail.com

        For added uniqueness, you can also add or delete periods. In fact, the use of periods in the email address would provide a way to have a "stealth" unique address per site, as long as you carefully recorded the location of the periods when setting up a login.

        • Google no longer recognizes the dot as unique.
          Johns.Hopkins @gmail.com is pretty much the same as johnshopkins@gmail.com

          Originally, they did. A dot in there was unique. Sometime later, not so much.
          One of my gmail addresses is similar to the first above. First registered long ago, when gmail was beta invitation only. Some years later, some dude on the other side of the country registered one similar to the second. I get his emails.

          I know far more about that dude than a person should.
          • Google no longer recognizes the dot as unique.
            Johns.Hopkins @gmail.com is pretty much the same as johnshopkins@gmail.com

            That's my point. You can sign up using "j.o.h.n.s.Hopkins@gmail.com" or
            "j.ohn.sh.opkins@gmail.com", and gmail will deliver them all to your inbox. Then, if you look at the message source, you can tell by the placement of periods, where you signed up the particular email address.

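The dot-placement scheme discussed in this sub-thread, as an added sketch that is not from any commenter: each gap between letters of the Gmail local part is one bit, so the dot pattern encodes a sign-up index that can be read back from a received address. The function names and the `REGISTRY` contents are constructed for illustration.

```python
def dotted_alias(local, site_index):
    """Encode `site_index` as dots in the gaps of `local` (bit i = gap after letter i)."""
    gaps = len(local) - 1
    if not 0 <= site_index < 2 ** gaps:
        raise ValueError(f"index must be in 0..{2 ** gaps - 1} for this mailbox")
    out = [local[0]]
    for i in range(gaps):
        if (site_index >> i) & 1:
            out.append(".")
        out.append(local[i + 1])
    return "".join(out) + "@gmail.com"


def decode_alias(address):
    """Return (canonical mailbox, dot index, plus tag) for a gmail.com address."""
    local, _, domain = address.lower().partition("@")
    if domain != "gmail.com":
        raise ValueError("dots are only known to be ignored for gmail.com here")
    local, _, tag = local.partition("+")  # a +tag is ignored for delivery too
    index, letters = 0, 0
    for ch in local:
        if ch == ".":
            if letters == 0:
                raise ValueError("leading dot is not a valid pattern")
            index |= 1 << (letters - 1)
        else:
            letters += 1
    return local.replace(".", ""), index, tag


# Constructed record of which index was handed to which site.
REGISTRY = {1: "shop.example", 5: "forum.example", 6: "news.example"}


def attribute(address, registry=REGISTRY):
    """Name the site an address was given to, or 'unknown' if the dots were altered."""
    _, index, _ = decode_alias(address)
    return registry.get(index, "unknown")


if __name__ == "__main__":
    alias = dotted_alias("johnshopkins", 5)
    print(alias, "->", attribute(alias))
```

A sender that normalises the address before mailing (strips the dots or the tag) erases the marker, so an `unknown` result means the pattern was lost, not that the address was never shared.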
    • Many of the spammers who used the big LinkedIn leak from some years ago (are we sure this is not data from that leak?) can't or don't process email addresses properly, so my domain receives lots of emails to "linked@", because I signed up to LinkedIn with +linked@

    • Re:Oh dear. (Score:4, Funny)

      by Dutch Gun ( 899105 ) on Thursday September 23, 2021 @06:49PM (#61826421)

      Damnit, my resume has been made public! Now just about anyone can find me, learn about my professional skills, the projects I've worked on, and figure out how to contact me to offer more money than I currently earn. Whatever shall I do?

  • I started getting the "you appeared in X searches this week" emails recently.

  • With all those email addresses readily available, somebody is about to get a lot of email subscribers. :D
