LinkedIn user data leaked: Database shows emails, profile data, phones, full names, and more confidential info.

Troy Hunt, the Have I Been Pwned person, has a very informative analysis of the breach that was not a breach, turns out nothing actually "leaked" from Linkedin, it's a mix of scrapped and generated stuff

Yeah but that doesn't get the clicks!!!!11one!

It says it's scraped and not leaked

Well, fuck. This was the ONE social media site that I put my data on, and that was out of necessity (job hunting). I know it's not the same, but this sort of feels like the Equifax breach.

I stopped using LinkedIn several years ago when it was turning into some hideous social media thing rather than just a place to keep an updated cv. I took a look at it six or so months ago and Jesus Christ, what the fuck happened?

It appears to now just be filled with people desperately trying to convince other people that they're an expert when in reality they're just talking to themselves and no one's really listening.
- It's so stupid, but definitely can be helpful professionally to maintain a profile there. Depends on your experience and what field you're in, of course, but recruiters seem to use it a fair amount.
  
  Definitely don't use it for the garbage social media aspect (it's like some weird crowd-sourced Chicken Soup for the Soul shit??) However, I've been convinced of its utility after getting a new job through a recruiter there without even looking. The process was sooo easy compared to applying for jobs the traditional way. Icing on the cake was that it came with a 50% raise and was for a position I would never have applied for on my own but I love it. Maybe it was lightning in a bottle, but I figure doesn't hurt to keep up a page just in case another good opportunity comes along. If nothing else, the recruiters I hear from give me a sense of how hot the market is and what kind of jobs my profile is pinging me for in case I want to make tweaks.
- It still works as intended if you ignore all that and keep your head down. I get a fair amount of relevant offers and I got rather nice jobs through it over the last 15 years.
If it's any consolation, LinkedIn is notoriously terrible at this, so your data was probably out there as early as 2016 and almost certainly after 2021, when they managed to get hit with similar breaches twice in the same year.
And we share real background information, very specific details. This could lead them to our friends and colleagues!

But I'm not sure it can be called social media, though, but if you are looking for social media platforms that can avoids data leaks, and don't ask for your personal info when register, WireMin and Damus are both good choices.

Speaking of which, we should have a version of LinkedIn that is decentralized!
- linked in that is decentralized
  
  Now you shut your damn mouth, let's just let Linked In die like it was always supposed to. It's not some sort of positive networking platform, it's just a platform that reinforces the old boys club, with some cringey posts from people who are trying to hard.
It’s not an actual leak. It’s mostly scraped data and fake addresses.
Same here, fuck.

What private info is on LinkedIn? I thought the whole point was to make your resume public and get found by employers.

Yeah it's the only public social media I have with any personal information. If it leaks I'm fine with that because I use VPN and even have my email alias on there.
LinkedIn sells the info themselves, they don't let the general public easily scrape/access it

Can someone check if my password is there? It's 'dupa.7'. Thanks.

dupa.7

https://haveibeenpwned.com/Passwords confirms that is has been hacked 11 times.
- Ok, changed to 'dupa.8'. Thanks.

I'm excited for my class action award of $3

Figures. The only way to get someone interested in my linkedin account is for them to steal the data.

Let me know if you see anything you like. I didn't put it on there but I'm also proficient in bocce ball

I bet they won't pay attention: you did not say if wooden or plastic bocce! C'mon!!

The jokes on LinkedIn. T-Mobile already has my social security number, birth date, and other important information on the dark web, thanks to their security breach.

Don't forget Equifax, assuming you are in the USA
- Strangely enough, that data doesn't seem to have surfaced anywhere. There's a decent chance it was stolen by a nation-state actor using it for espionage.
- Don't forget the OPM hack in 2014, also assuming you're in the USA and received a military/government background check.
- Don’t forget Equifax, assuming you are in the USA
  
  I mentioned T-Mobile because I had gotten notification from AAA/ProtectMyID service that I was signed up for free after one of their breaches, that my information from the T-Mobile incident what was on the dark web. The scan service specifically mentioned T-Mobile.
  
  But yeah you're right, I knew also that Equifax had problems as well.

Again and again and again and again. I get more spam on my linkedin email address than I do on any other.

I have a set it up so that any email sent to unknown users on my domain gets redirected to email. If you send an email to bad_address@example.com and my real email is uranibaba@example.com, I will still receive the email.

Now this is great because I will just use name_of_service@example.com and still get the email. If the email is leaked, I will know where it came from.
- Owning your own domain is great that way. Even makes the little bit I pay to ProtonMail well worth it. There are a few addresses I have dedicated, like my aws@example.com, me@, and my-name@, but the rest just go to a catch all. It's fantastic.
- Be careful, my domain got on a whole bunch of ISP's spam lists because I had done the same thing.
  
  They really don't like open domain email working.
I ended up just disabling the alias I use to receive emails from LinkedIn. Since I noticed I just kept deleting those emails without ever reading them, I figured I'd just opt to not receive any emails. :D

That would explain the targeted scams I've been subjected to which seem to have been coming from old colleagues

Was surprised at first, then I went to go log in to change my password.

And then it said I was emailed a 2FA code... the code was part of the email header.

Now I'm completely unsurprised this happened.

the code was part of the

... part of the Subject header in the encrypted body of the message, you mean? What a nothing-burger.
- encrypted body of the message
  
  Encrypted what? LinkedIn lets you add a key/cert to send you encrypted emails?

According to Troy Hunt this alleged leak is mostly from older leaks and fake data:

"this data is a combination of information sourced from public LinkedIn profiles, fabricated emails address and in part (anecdotally based on simply eyeballing the data this is a small part), the other sources in the column headings above. But the people are real, the companies are real, the domains are real and in many cases, the email addresses themselves are real"

Source: https://www.troyhunt.com/hackers-scrapers-fakers-whats-really-inside-the-latest-linkedin-dataset/

Gadammit, my linkedin uses my clean email account. Linkedin security, do better!

That's why today I got an email from a headhunter that used Data from my LinkedIn profile. Fuck this.

no because they probably paid a couple of hundred bucks to email you from one of the many data banks that source their information from LinkedIn.
My sarcasm detector is uncertain with this one.
- No sarcasm, I never got an E-Mail before from a Headhunter, only LinkedIn Messages. Not gonna lie, I hated it.

Anyone got an onion url to that forum? Asking for a friend.

It’s just BreachForums. Pretty sure the whole site is a honey pot.

Doesn’t sound like anything that hasn’t already been leaked elsewhere, boring 🥱

Not to mention its on my resume so its pretty available.

Great timing, started using linkedin like 2 weeks ago😅

Why? Are colleges still promoting it or something? LinkedIn use can be almost damaging to success. I know when we receive a packet that enthusiastically references their LinkedIn, we just roll our eyes. And in my personal experience, people who spend a lot of time on LinkedIn, just spend a lot of time on social media... which would get you in big trouble where I work. Yet people still do it and get caught.

We pretty much avoid LinkedIn like the plague. People over share and then all the sudden the committee has info in front of their eyeballs about a candidate that should never have been part of their info.
- I barely do anything with it, but most people here have one, it’s quite normal

Oh good. Just when I was looking for a job.