LinkedIn

Pierluigi Paganini April 20, 2018
A flaw in LinkedIn feature allowed user data harvesting

The researcher Jack Cable (18) has discovered a vulnerability in LinkedIn, the AutoFill functionality, that allowed user data harvesting. While experts and people are discussing the Cambridge Analytica case another disconcerting case made the headlines, the private intelligence agency LocalBlox has left unsecured online an AWS bucket containing 48 million records that were also harvested from Facebook, LinkedIn, and Twitter. […]

Pierluigi Paganini December 19, 2016
LinkedIn Lynda.com online learning platform started notifying users of data breach

Lynda.com is notifying customers a data breach, according to the company an unauthorized third party accessed a database containing user information. Lynda.com is an online learning platform that was acquired last year by LinkedIn. The company started notifying its customers over the weekend, hackers accessed learning data, including attempted courses and contact data. At the time […]

Pierluigi Paganini November 14, 2016
Russia is going to ban LinkedIn after court ruling. What’s next?

Russia is going to ban Linkedin after a court ruling that found the professional social network  to be in violation of the country’s data protection laws. violation of the country’s data protection laws. On Thursday, a Moscow court has confirmed the decision to ban the professional social network LinkedIn in Russia. LinkedIn is violating the country’s data protection […]

Pierluigi Paganini July 14, 2016
Shard discovers shared passwords between most popular web services

Shard is a free tool that could be used by hackers to discover shared passwords between most popular web services, including Facebook, LinkedIn, Reddit, Twitter, or Instagram. In the past months, we have read about numerous data breaches, LinkedIn, MySpace, VerticalScope are just a few examples of illustrious victims. Hundreds of thousands of millions of credentials have flooded the […]

Pierluigi Paganini June 11, 2016
More Fallout from the LinkedIn Breach in new Targeted Attacks on Banking

CERT-Bund released a warning that corporate executives may be being targeted with malicious emails using data from the LinkedIn data breach. The cascading effects of the 2012 LinkedIn breach are still being felt throughout the business world.  On Monday, CERT-Bund, Germany’s Computer Emergency Response Team for federal agencies, released a warning that corporate executives may […]

Pierluigi Paganini May 25, 2016
LinkedIn breach from 2012 still haunting the security community

A data breach suffered by LinkedIn back in 2012 is still haunting the security community. In 2012, LinkedIn suffered an attack heard around the professional world.  The social networking site that caters to professionals and their social peer groups suffered and breach of nearly 6.5 million users.  The attack was attributed to Russian hackers who […]

Pierluigi Paganini May 18, 2016
117 Million LinkedIn credentials offered for sale

A hacker who goes by the name “Peace,” is offering 117 million LinkedIn credentials for 5 bitcoin, the precious data come from the 2012 hack. According to Motherboard, a hacker who goes by the name “Peace,” is offering personal details of 117 million LinkedIn users for 5 bitcoin (around $2,200). The hacker is offering the data in […]

Pierluigi Paganini December 04, 2015
Beware fake LinkedIn profiles, threat actors are using them to hack you

According to the Symantec firm, a growing number of threat actors in the wild are targeting professionals on LinkedIn with fake LinkedIn profiles. LinkedIn is a privileged platform for intelligence gathering, a growing number of hackers are targeting professionals to collect information about their activities and networks. I daily refuse dozens connection from fake LinkedIn […]

Pierluigi Paganini October 08, 2015
Iranian Cleaver hackers exploit LinkedIn for cyber espionage

The Cleaver group is once again in the headlines managing a well-developed network of fake LinkedIn profiles for cyber espionage purpose. Do you remember the Iran-based APT Cleaver? In December the security firm Cylance released a detailed report on the hacking Operation Cleaver that was run by state-sponsored hackers linked to the Iran. The Iranian hackers targeted critical infrastructure worldwide, ten of which […]

Pierluigi Paganini September 19, 2015
Discovered a Reflected Filename Download flaw in LinkedIn

The Security researcher David Sopas at WebSegura discovered a Reflected Filename Download vulnerability in the popular professional social network LinkedIn. He was analyzing another website when he discovered the following XHR request on Google Inspector on LinkedIn: https://www.linkedin.com/countserv/count/share?url=http://www.site_i_was_in.pt It seems a simple request to make by websites to count how many shares their site have on […]