LinkedIn issues

Nanook

Administrator
Staff member
I'm glad I don't have a LinkedIn account. :rolleyes:

6 June 2012 Last updated at 23:28 GMT

LinkedIn passwords leaked by hackers

http://www.bbc.com/news/technology-18338956

Social networking website LinkedIn has said some of its members' passwords have been "compromised" after reports that more than six million passwords had been leaked onto the internet.

Hackers posted a file containing encrypted passwords onto a Russian web forum.

They have invited the hacking community to help with decryption.

LinkedIn, which has more than 150 million users, said the leaked passwords would no longer be valid.

Members would receive an email with instructions on how to reset them, the company said. Users would then receive a second email with further details about why the change was necessary, it added.

Privacy concern
The news comes as LinkedIn was forced to update its mobile app after a privacy flaw was uncovered by security researchers.

Skycure Security said the the mobile app was sending unencrypted calendar entries to LinkedIn servers without users' knowledge.

The information included meeting notes, which often contain information such as dialling numbers and passcodes for conference calls.

In response LinkedIn said it would "no longer send data from the meeting notes section of your calendar".

The company stressed that the calendar function was an opt-in feature.

However, the researchers who uncovered the flaw said the transmission of the data to LinkedIn's servers was done without a "clear indication from the app to the user".

In a statement posted on the company's blog, LinkedIn's mobile product head Joff Redfern said a new "learn more" link would be added to the app so users have a clearer picture about how their information is being used and transmitted.


What to do

Security experts have advised users to change their passwords on LinkedIn. Here's how:

1. Visit www.linkedin.com, and log-in with your details
2. Once logged-in, hover over your name in the top right-hand corner of the screen, and select 'Settings' from the menu
3. You may be asked to log-in again at this point
4. On the next screen, click the 'Account' button which is near the bottom of the page
5. Under the 'Email & Password' heading, you will find a link to change your password

If you use the same password on other sites, be sure to change those too.
 

Lioness1

Banned
Even on LinkedIn - A Nice Man Wants To Give Me Some Money....

http://neirajones.blogspot.co.uk/2013/11/a-nice-man-wants-to-give-me-some-money.html?goback=.gde_90564_member_5807381064636735489#!


@neirajones

Security can be fun... a blog about information security, payments, risk, fraud and social media... Opinions my own...
15 November 2013
A NICE MAN WANTS TO GIVE ME SOME MONEY…

I use LinkedIn a lot. I find it an excellent business networking tool and over the years, it has enabled me to meet some fantastic people and make lovely new friends. It’s a tool for reaching out and each time I receive a new connection request, I assume that I may be able to help that person in some way. In most cases, I remember that I have interacted with the individual outside of the social media sphere, but sometimes, I draw a blank (perhaps because my memory is getting worse with age!). Consequently, to frame the next interaction, I always look at their profile to see how many areas of interest are in common, how our respective networks intersect, or how many groups or companies are shared… More often than not, this gives me a good idea, but sometimes, it doesn't...
HAVE WE MET?…
I think the little things in life always make a big difference, so if someone has made the effort to contact me, even if I really have no idea who they are and why they approached me, the least I can do is reply… So rather than accept their invitation straight away I always ask the very simple question (using “Reply – don’t accept yetâ€):

Hello name,
Have we met?
Kind regards,
Neira

I hope everyone will recognise that LinkedIn account names with a combination of a) first name and last name are all in lower case letters, b) the number of connections is very low, c) the professional/academic history non-existent, and d) the companies belonged to don’t really match the profile (these are just some examples, but you get the gist) can be questionable... On occasions, it may be someone new to LinkedIn, a student seeking advice or a number of other legitimate situations which can be verified by having a conversation before connecting.
Generally, I find that by asking the simple question above, the interaction ends. But sometimes, albeit rarely, it looks very different…
And so it came that this week, I received a few invites with the recognisable characteristics I mentioned. All these interactions ended after I asked my simple question which made me think, hmmm, with such a rapid succession of similar requests, perhaps someone is trying something out there…
And then, two days ago, I received this:

Looking at Mike’s profile, I drew a blank:

And therefore I replied:
Upon which I got the pithy answer below:
Not deterred, I wanted to know more…
And I got:

Aha! So it’s not "mike" anymore, it’s "Barrister Mike Aku", and the language is becoming more formal, and I have a phone number with a Togo prefix (at least it matches the profile…)

So, on my sleuthing mission, I dial the number from a specially purchased phone, hiding my number (well, you never know!), to be told in French (which is the official language of Togo) by a nice lady that the number I requested is not in service… I then dump the phone (yeah, I know, I’m running with it….). I’m having fun, so I reply:

You’d think that would be the end of it, but oh no… And so below is for your delectation:
http://www.pinterest.com/pin/412642384579304304/

Well, what can I say, I won’t analyse the characteristics of this email as many have done this very well before me, and 419 scams have been going on for sooooo long that it’s boring. Boring, but sad, because if they are still going on, it means people are still falling for them…

So in my small way, I spread the word in this blog, and finished this episode on Linkedin with:
And reported it to Action Fraud

Stay safe.
 

Lioness1

Banned
LinkedIn Files Lawsuit against Face Account Creators

http://www.hotforsecurity.com/blog/linkedin-files-lawsuit-against-fake-account-creators-7594.html


HOTforSecurity
LinkedIn Files Lawsuit against Fake Account Creators
By: Bianca Stanescu | comment : 0 | January 08, 2014 | Posted in: E-Threats, Social Networks

LinkedIn filed a lawsuit against 10 people who created thousands of abusive accounts, according to the Wall Street Journal. The action comes less than two months after Bitdefender warned about fake recruiters enticing users of the social network with well-paid jobs.

On Monday, LinkedIn filed a lawsuit in the U.S. District Court for the Northern District of California. The social network’s representatives said they deleted the fake profiles and traced them to an account registered at cloud computing giant Amazon Web Services.
LinkedIn Files Lawsuit against Fake Account Creators

One of the fake LinkedIn profiles was put up by an attractive, bogus recruiter, named Annabella Erica.

LinkedIn accused the suspects of distributing malware on computers and puffing up users’ profiles. The business-focused network said cyber-criminals violated its user agreement by creating multiple fake accounts that stole data from legitimate profiles through a method known as scraping.

“It undermines the integrity and effectiveness of LinkedIn’s platform in several ways,†court documents read. “The world’s professionals utilize LinkedIn with the expectation that its contents are accurate and its user profiles legitimate.â€

Court documents show no evidence that the fake-account creators tried to break into LinkedIn systems. The filing doesn’t specify what the suspects were doing with the fake resumes, either.

LinkedIn asked Amazon Web Services for the names of the owners of the bogus accounts. The cloud computing giant did not immediately respond to a request for comment, according to the Wall Street Journal.

In November, Bitdefender warned about fake LinkedIn profiles that gather personal details and lead users to dangerous websites. Amid research into the growing number of social media scams, the antivirus software provider detected several virulent campaigns that lured victims with exciting job offers from attractive female recruiters.
 
Top