Pages in topic:   [1 2] >
LinkedIn security issue
Thread poster: Susan Welsh

Susan Welsh  Identity Verified
United States
Local time: 06:09
Member (2008)
Russian to English
+ ...
Feb 5, 2014

It suddenly dawned on me that when I go to LinkedIn, I have been seeing faces of people that I hardly know, but do have some relationship to, on my screen--because LinkedIn has downloaded my private email address book! I never gave permission to do any such thing. But I did notice that some time back the login screen started asking for your EMAIL password, rather than your LinkedIn password. I thought that was weird, but obediently did as I was told.

This seems to me a massive violation of privacy as well as a security issue. Now employees at LinkedIn, as well as any hacker who gains access to LinkedIn's user records (as happened a year or so ago), also has access to my address book, my email password, and untold amounts of personal information that is contained in emails.
I wrote to LinkedIn, but got no reply. There is no phone number anywhere that I can find on the site.

I am really appalled. Do any of you have knowledge about this sort of thing?


Direct link Reply with quote
 
The Misha
Local time: 06:09
Russian to English
+ ...
Oopsie! Feb 5, 2014

Hi, Susan! Sorry to hear about your predicament, but really, what did you expect? Once you post your personal information online, wherever it is, you really have no business expecting any privacy whatsoever. They latch onto you and never let go. Once upon a time, when I was younger and stupider, I also opened a LinkedIn account that I never actually used and never posted anything to it. It remained dangling for a while before I wisened up and closed it altogether - and mind you, received all kinds of confirmations and assurances it was indeed closed. Now guess what - the last time I checked, a year or so ago, the account was still there, albeit "inactive". It's going to stay there and never be expunged - and that's a sad fact.

These days, the wise old guy that I am:) I still keep what's mine where it belongs - in my head or on a scrap of paper at home. I may be paranoid, as they say, but it doesn't mean they are not out there to get me. They are, and I'll be damned if I willingly make it any easier for them. If more of us were of the same opinion - rather than hail certain traitorous individuals as great role models while at the same time spilling their guts at every online corner for everyone to see - we wouldn't have this kind of problems to deal with.

As a practical matter, forget LinkedIn itself. This seems to be the stuff class action lawsuits are made of. To begin with, I would file an online complaint with your own state's Attorney General's office. We have that where I am and I am sure you do to. Then send LinkedIn a formal cease and desist letter with a copy of your complaint attached. Also, do some research to see if similar complaints have already been lodged and if there's already a class action in the works that you could join. If not, see if you can get some feelers out to lawyers that may be interested in cooking one up.

Oh, and did I say RUN! yet? Stop using that miserable account and close it to stem any future damage.

Once again, sorry to hear about it. It's a bummer all right.


Direct link Reply with quote
 
esperantisto  Identity Verified
Local time: 13:09
Member (2006)
English to Russian
+ ...
Read the small print, as usual Feb 5, 2014

I was prompted to invite all my contracts to LinkedIn. I think, I cancelled it, at least my LinkedIn screen looks the same (however, I'm not active in that social network). I bet, they will reply that there was a respective message, and it was there in very small print. Well, you have to watch out such little dirty tricks.

Direct link Reply with quote
 

Vadim Kadyrov  Identity Verified
Ukraine
Local time: 13:09
Member (2011)
English to Russian
+ ...
Not so important Feb 5, 2014

I am sorry, but we all here sometimes overestimate our importance, if you like. I don`t think that emails of any translator are of any value to LinkedIn, Google, etc.

I also don`t believe that any confidential information people send via email accounts will ever be of any interest to these giants.


[Edited at 2014-02-05 08:38 GMT]


Direct link Reply with quote
 
RobinB  Identity Verified
Germany
Local time: 12:09
German to English
Disturbing Feb 5, 2014

Hi Susan,

Yet another good reason for avoiding social media like this, to be honest. Can I suggest you also bring this up on the bp list, where you might elicit rather more constructive replies?

Robin


Direct link Reply with quote
 

Shai Navé  Identity Verified
Israel
Local time: 13:09
Member
English to Hebrew
+ ...
Some comments Feb 5, 2014

I don't mean to criticize, but some comments.
Susan Welsh wrote:
I thought that was weird, but obediently did as I was told.

The reason for this request is clearly stated on-screen, although it it usually one of several other notices so I understand how it could be missed. Still, one should be more careful before obediently doing anything online, especially providing personal or potentially sensitive information such as login credentials.

This seems to me a massive violation of privacy as well as a security issue.

It is not, because you as the user approved it. Nothing was done without your consent.

Now employees at LinkedIn, as well as any hacker who gains access to LinkedIn's user records (as happened a year or so ago), also has access to my address book, my email password, and untold amounts of personal information that is contained in emails.
I wrote to LinkedIn, but got no reply. There is no phone number anywhere that I can find on the site.

They are using your contacts email addresses just to check who of them is also a LinkedIn member (registered with the email address in your Address Book), and suggest you to connect with those in your Address Book that you are not already connected with. LinkedIn does not have access to the content of your emails.
I assume that you are using Gmail or any other popular email platform (otherwise the email connection process wouldn't have been so seamless), and in that case your email content is already scanned and indexed for advertisement (as well as other, as wed disclosed recently, not that should have surprised anyone) purposes.

Unencrypted email is not a secure mean of communication. Paid hosted email could be potentially (but not necessarily) safer from prying eyes than a free email account (there are no free meals in life, and that holds true even in the digital age), but the rule-of-thumb and the general assumption should be that unencrypted email is not a secure channel and therefore sensitive information should not be transmitted that way. Furthermore, you should assume that anything that you post or do online (on someone else's server) could be exposed to any number of parties, and potentially abused.

Nowadays you can't just live off the grid, especially professionally, but there are some best practices to follow.
- Separate your professional and personal online identities;
- Register to social media using a dedicated email address; you can even use the + email address in Google and Outlook.com (formerly Hotmail) to add some flexibility (but the latter method is still connected to your primary email address so it wouldn't have helped you in this case);
- Don't use free email services for professional purposes (except, maybe, for secondary email address for backup purposes). Personally I think that it also makes you look more professional, but this is debatable;
- Always check carefully what you are doing online, and take extra caution before entering or disclosing any personal or sensitive information, Login credentials included.

[Edited at 2014-02-05 11:25 GMT]


Direct link Reply with quote
 

Susan Welsh  Identity Verified
United States
Local time: 06:09
Member (2008)
Russian to English
+ ...
TOPIC STARTER
replies to points above Feb 5, 2014

Vadim, I am not talking about "personal details" like who's sleeping with whom. I'm talking about financial transactions, client lists -- the sort of things that add up to theft and identity theft.

Robin, thanks for the suggestion. I'm not a member of the BP list, but maybe I'll join.

Shai, I am not talking about gmail or other free services. I use email from a paid service provider.

They are using your contacts email addresses just to check who of them is also a LinkedIn member (registered with the email address in your Address Book), and suggest you to connect with those in your Address Book that you are not already connected with. LinkedIn does not have access to the content of your emails.


How do you know?

Have you forgotten about the mega-theft of LinkedIn data on its users, a year or two ago?


Direct link Reply with quote
 

Shai Navé  Identity Verified
Israel
Local time: 13:09
Member
English to Hebrew
+ ...
Another comment Feb 5, 2014

Whenever you post something on the web, whether it is in a social media platform or otherwise, that content can be later harvested. Social media platforms are a great source for information, mostly because people volunteer (and sometimes encouraged) to provide as much information about themselves as they only can. One just have to smart about it.

When one joins an online group, forum, or platform one has to take basic measures to protect others from hacking into one's account; but one also should be aware that the database of that website or platform could be hacked anyway, i.e. sometimes the platform's security is the weakest link. Therefore, one should manage his or her online presence with care.

How do you know?

Well, I don't, because I'm not privy to their inner working; but I think that if the email service provider grants their API access to the full content of your email, then the problem lies more with the email service provider than with LinkedIn.
Also, to learn about potential business or other relationships between people one just have to search nowadays because information is already quite readily available.
What I'm trying to say is that even if the email addresses are stolen, and even if the hacker can somehow deduce any relationships between two or more random email addresses, this isn't much different from what is already available on LinkedIn and other social media platforms. When you use a certain email address and connect it to an online service, you increase the risk that information about and in association of this email address will leak out one day.

Regarding privacy, what I take more offense with is the fact that many users volunteerly expose the email addresses of their contacts and disclose them, without consent, to any of several online platforms (and new one pops up each day), The amount of invitations I get each month from platforms I didn't even know existed and sent by people in my address book is amazing. I blame the people not the platform.

I think that the sensible approach for managing one's online presence and activity and separating it from one's data or offline activity, is compartmentalization.


Direct link Reply with quote
 

Susan Welsh  Identity Verified
United States
Local time: 06:09
Member (2008)
Russian to English
+ ...
TOPIC STARTER
@Shai Feb 5, 2014

Thanks for your further explanation. I think I'm going to quit LinkedIn, since I don't see that it's of any use whatsoever, anyway.

Direct link Reply with quote
 

Susan Welsh  Identity Verified
United States
Local time: 06:09
Member (2008)
Russian to English
+ ...
TOPIC STARTER
@Misha Feb 5, 2014

The Misha wrote:

I may be paranoid, as they say, but it doesn't mean they are not out there to get me.


Thanks, Misha. They must indeed be out to get you. Yours was the first message posted by time-stamp, but I only received notification of it now, long after the others.



Direct link Reply with quote
 

Daina Jauntirans  Identity Verified
Local time: 05:09
German to English
+ ...
Dumped it Feb 5, 2014

I read about something similar recently and decided to dump my LinkedIn account. It wasn't doing me any good anyway. The most annoying thing was people I know personally, but who know nothing about my work or translation in general, "endorsing" my skills. Worse than useless.

Direct link Reply with quote
 

Susan Welsh  Identity Verified
United States
Local time: 06:09
Member (2008)
Russian to English
+ ...
TOPIC STARTER
@Daina Feb 5, 2014

Daina Jauntirans wrote:

...people I know personally, but who know nothing about my work or translation in general, "endorsing" my skills. Worse than useless.


Yup. I dumped it.


Direct link Reply with quote
 

Tina Vonhof  Identity Verified
Canada
Local time: 04:09
Member (2006)
Dutch to English
+ ...
Same experience Feb 5, 2014

I see LinkedIn as a valuable way to connect with people professionally, not as a 'social network'. But a while ago I was looking for someone on LinkedIn and it became clear that LinkedIn has email addresses of people who are in my email address books, some of whom are definitely not on LinkedIn. I have a separate password for LinkedIn, not my email password, so this has me worried as well. How far do LinkedIn's tentacles reach? Quite far obviously but I haven't yet decided if I want to withdraw at this point - the damage (if there really is any damage) cannot be undone.

Direct link Reply with quote
 

Andrea Muller  Identity Verified
United Kingdom
Local time: 11:09
English to German
+ ...
Beware of Yellow 'Continue' Button Feb 5, 2014

LinkedIn ask me for access to my email account nearly every time just after I sign in. I find the way this is done quite misleading. There is yellow a button with 'continue' on it, which makes it look as if you have to click on it to continue with your session on LinkedIn.

I think I clicked on the yellow button once by mistake. I was taken to another page, where they asked me for my email password, so they could send invitations to everyone in my address book. I managed to get out of that page somehow and am a lot more careful now.

What I find creepy about LinkedIn is how they use information about your location.

I rent desk space in a shared office with an internet connection. I signed up to LinkedIn from that location, and immediately they displayed the other people working in my office as 'People You May Know'.

A new guy moved in and set up his computer on a day when I was not even in the office. He showed up as possible connection when I logged on to LinkedIn from my home computer.


Direct link Reply with quote
 

Susan Welsh  Identity Verified
United States
Local time: 06:09
Member (2008)
Russian to English
+ ...
TOPIC STARTER
"Continue" button Feb 5, 2014

Yes, I also thought that you had to put in your email password in order to do anything at all. Dumb me.

Direct link Reply with quote
 
Pages in topic:   [1 2] >


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

LinkedIn security issue

Advanced search






CafeTran Espresso
You've never met a CAT tool this clever!

Translate faster & easier, using a sophisticated CAT tool built by a translator / developer. Accept jobs from clients who use SDL Trados, MemoQ, Wordfast & major CAT tools. Download and start using CafeTran Espresso -- for free

More info »
SDL Trados Studio 2017 Freelance
The leading translation software used by over 250,000 translators.

SDL Trados Studio 2017 helps translators increase translation productivity whilst ensuring quality. Combining translation memory, terminology management and machine translation in one simple and easy-to-use environment.

More info »



Forums
  • All of ProZ.com
  • Term search
  • Jobs
  • Forums
  • Multiple search