Microsoft Corp’s networking site says some LinkedIn dat has been made available for sale.
As a recent Reuters report says:
The incident was not a data breach and no private member account data from the platform was included, LinkedIn said in a blog post bit.ly/3uB4nEy on Thursday, adding that the information on sale is a collection of data from a number of websites and companies.
CyberNews had reported bit.ly/3uCaNTP on April 6 that an archive of data scraped from 500 million LinkedIn profiles was put for sale on a popular hacker forum.
Earlier this week, Facebook Inc said “malicious actors” had obtained data prior to September 2019 by “scraping” profiles using a vulnerability in the platform’s tool for syncing contacts.
LinkedIn hasn’t yet said anything about how many users were affected and how this occurred.
Two years ago, we learned about how another social media giant — Facebook — was storing user passwords in plaintext. Their blog post admitted to storing “hundreds of millions” of users’ passwords in plaintext for years. This is an insecure method without adding other security measures, such as hashes and salts.
Read Next: 5 Principles For Effective Cybersecurity Leadership in Post-COVID
Facebook maintained that no passwords were ever visible to anyone outside of the social media company, and that the company had “found no evidence to date that anyone internally abused or improperly accessed them.”
Of course, we don’t know if the LinkedIn scrape is the result of a similar situation. Likely, it isn’t.
But the propensity for large social media companies to mishandle user data seems to be astoundingly prevalent.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply