The same threat actor has leaked larger amounts of data from LinkedIn dated 2023. They claim this new data contains 35M lines and is 12 GB uncompressed.
It says it’s scraped and not leaked
Submitted 1 year ago by woshang@lemmy.world to technology@lemmy.world
Well, fuck. This was the ONE social media site that I put my data on, and that was out of necessity (job hunting). I know it’s not the same, but this sort of feels like the Equifax breach.
I stopped using LinkedIn several years ago when it was turning into some hideous social media thing rather than just a place to keep an updated cv. I took a look at it six or so months ago and Jesus Christ, what the fuck happened?
It appears to now just be filled with people desperately trying to convince other people that they’re an expert when in reality they’re just talking to themselves and no one’s really listening.
It’s so stupid, but definitely can be helpful professionally to maintain a profile there. Depends on your experience and what field you’re in, of course, but recruiters seem to use it a fair amount.
Definitely don’t use it for the garbage social media aspect, but I’ve been convinced of its utility after getting a new job through a recruiter last year from there without even looking. The process was sooo easy compared to applying for jobs the traditional way. Icing on the cake was that it came with a 50% raise and was for a position I would never have applied for on my own but I love it. Maybe it was lightning in a bottle, but I figure doesn’t hurt to keep up a page just in case another good opportunity comes along.
It’s all HR people constantly job hunting by sharing the equivalent of those “hang in there” wall posters from the 90s and adding a paragraph about what it takes to make it in the workforce.
It still works as intended if you ignore all that and keep your head down. I get a fair amount of relevant offers and I got rather nice jobs through it over the last 15 years.
And everyone is a *manager or “executive of”. Even a McDonalds burger flipper is “executive in charge of protein rotation”
If it's any consolation, LinkedIn is notoriously terrible at this, so your data was probably out there as early as 2016 and almost certainly after 2021, when they managed to get hit with similar breaches twice in the same year.
And we share real background info, like very specific. This could lead them to our friends, colleagues!
Linked in that is decentralized
Now you shut your damn mouth, let’s just let Linked In die like it was always supposed to. It’s not some sort of positive networking platform, it’s just a platform that reinforces the old boys club, with some cringey posts from people who are trying too hard.
It’s not an actual leak. It’s mostly scraped data.
Same here, fuck.
What private info is on LinkedIn? I thought the whole point was to make your resume public and get found by employers.
Yeah it’s the only public social media I have with any personal information. If it leaks I’m fine with that because I use VPN and even have my email alias on there.
Figures. The only way to get someone to be interested in my linked in account is for them to steal the data.
Let me know if you see anything you like. I didn’t put it on there but I’m also proficient in bocce ball
I bet they won’t pay attention: you did not say if wooden or plastic bocce! C’mon!!
Can someone check if my password is there? It’s ‘dupa.7’. Thanks.
haveibeenpwned.com/Passwords confirms that it has been hacked 11 times.
Was surprised at first, then I went to go log in to change my password.
And then it said I was emailed a 2FA code… the code was part of the email header.
Now I’m completely unsurprised this happened.
I’m not sure what you’re implying here regarding headers? Email is insecure regardless; even when using SMTP with TLS, it’s not like the headers are exposed whereas the body would be encrypted or something.
… part of the Subject header in the encrypted body of the message, you mean? What a nothing-burger.
Encrypted what? LinkedIn lets you add a key/cert to send you encrypted emails?
I’m excited for my class action award of $3
What’s so good about milk from Malta?
The joke’s on LinkedIn. T-Mobile already has my social security number, birth date, and other important information on the dark web, thanks to their security breach.
Don’t forget Equifax, assuming you are in the USA
Strangely enough, that data doesn’t seem to have surfaced anywhere. There’s a decent chance it was a nation-state actor doing it for espionage.
I mentioned T-Mobile because I had gotten notification from AAA/ProtectMyID service that I was signed up for free after one of their breaches, that my information from the T-Mobile incident was on the dark web. The scan service specifically mentioned T-Mobile.
But yeah you’re right, I knew also that Equifax had problems as well.
Don’t forget the OPM hack in 2014, also assuming you’re in the USA and received a military/government background check.
Again and again and again and again. I get more spam on my linkedin email address than I do on any other.
I have set it up so that any email sent to unknown users on my domain gets redirected to my email. If you send an email to bad_address@example.com and my real email is uranibaba@example.com, I will still receive the email.
Now this is great because I will just use name_of_service@example.com and still get the email. If the email is leaked, I will know where it came from.
Owning your own domain is great that way. Even makes the little bit I pay to ProtonMail well worth it. There are a few addresses I have dedicated, like my aws@example.com, me@, and my-name@, but the rest just go to a catch all. It’s fantastic.
Be careful, my domain got on a whole bunch of ISPs’ spam lists because I had done the same thing.
They really don’t like open domain email working.
I ended up just disabling the alias I use to receive emails from LinkedIn. Since I noticed I just kept deleting those emails without ever reading them, I figured I’d just opt to not receive any emails. :D
Slightly refreshing from them selling your email to spammers as soon as you signed up.
How do you mean? Are you confusing recruiters reaching out to you with spammers?
Nope, at one point I created a LinkedIn account and my email address immediately started getting spam.
I use unique emails for things. Technically, the emails don’t even exist, but I have a rule that any email that doesn’t exist will be forwarded to my actual account. So the made up email I used for LinkedIn was unique and had only ever been typed into the LinkedIn service.
I’ve been doing this for a while, and generally most things don’t seem to lose your email. There have been a few that were probably compromised, they were safe for a while then one day they were lost - this is more likely a malicious actor accessing the website’s database. However LinkedIn is one of only 2 websites I’ve signed up for that have instantly resulted in spam - the other was a porn website.
LinkedIn have always been shady as fuck. When they first started out, they convinced everyone to input their email login details. LinkedIn would then access your email account and send emails to all your contacts asking them to join - all coming directly from your email address, not theirs. That was how LinkedIn built its market share. Back in the MSN Messenger days, LinkedIn emails were pretty notorious, but also everyone was pretty carefree online. They were perhaps one of the first services to demonstrate that you really should be careful what you share online, even if it is a “legitimate” service. Not everyone learned that lesson.
The compromised email thing happened some time after the MSN Messenger days, and I admit that I was one of those gullible buffoons who fell for the login thing initially (I’ve had 3 LinkedIn accounts, my first, then the second which was unique but instantly spammed, then my current). I think the porn website was more or less around the same time as well, so it is possible that LinkedIn was compromised as well as the porn site, such that anyone who signed up for either service (and maybe some others) would instantly get added to a spam list - not by the service but by the malicious infection. However, it certainly would fit their MO for LinkedIn to just sell email addresses directly.
Nowadays, I do get emails to my current LinkedIn account email that clearly should not have been shared. These tend to be more focused on the industry I work in, instead of generic spam. Recruiters almost always contact me via messages.
Don’t give LinkedIn any more information than you have to. In particular, I would encourage users to share their CVs off platform.
I would argue recruiters sending me mass generic emails for job offers only partially related to my field is, in fact, spam.
That would explain the targeted scams I’ve been subjected to which seem to have been coming from old colleagues
Now I know why I'm getting scam mails on the email address that I never use online and scam phonecalls on the phone number I never use online, except for LinkedIn.
Gadammit, my linkedin uses my clean email account. Linkedin security, do better!
According to Troy Hunt this alleged leak is mostly from older leaks and fake data:
“this data is a combination of information sourced from public LinkedIn profiles, fabricated emails address and in part (anecdotally based on simply eyeballing the data this is a small part), the other sources in the column headings above. But the people are real, the companies are real, the domains are real and in many cases, the email addresses themselves are real”
That’s why today I got an email from a headhunter that used Data from my LinkedIn profile. Fuck this.
no because they probably paid a couple of hundred bucks to email you from one of the many data banks that source their information from LinkedIn.
My sarcasm detector is uncertain with this one.
No sarcasm, I never got an E-Mail before from a Headhunter, only LinkedIn Messages. Not gonna lie, I hated it.
So glad that I did NOT simply close my account there, but instead I changed every single piece of personal data to some meaningless xyz123 before I finally closed it.
Your old info is still backed up there
Yes, but it was a while ago, and the backup gets older every day.
Anyone got an onion url to that forum? Asking for a friend.
It’s just BreachForums. Pretty sure the whole site is a honey pot.
Doesn’t sound like anything that hasn’t already been leaked elsewhere, boring 🥱
Not to mention it’s on my resume so it’s pretty available.
Great timing, started using linkedin like 2 weeks ago 😅
Why? Are colleges still promoting it or something? LinkedIn use can be almost damaging to success. I know when we receive a packet that enthusiastically references their LinkedIn, we just roll our eyes. And in my personal experience, people who spend a lot of time on LinkedIn, just spend a lot of time on social media… which would get you in big trouble where I work. Yet people still do it and get caught.
I barely do anything with it, but most people here have one, it’s quite normal
Oh good. Just when I was looking for a job.
jherazob@kbin.social 1 year ago
Troy Hunt, the Have I Been Pwned person, has a very informative analysis of the breach that was not a breach, turns out nothing actually "leaked" from LinkedIn, it's a mix of scraped and generated stuff
DudeDudenson@lemmings.world 1 year ago
Yeah but that doesn’t get the clicks!!!11one!