LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

What's the point...

What's the point...

Posted Jun 6, 2012 23:37 UTC (Wed) by daney (subscriber, #24551)
Parent article: 8 million leaked passwords connected to LinkedIn, dating website (ars technica)

What are they going to do with all these passwords?

1) Send me some additional Job Offer spam?

2) Deface my profile?

3) ????

4) Profit!

I guess I don't get it. What is step 3 supposed to be?

It is slightly ironic that this would happen to the 'Facebook for professionals'.

(Log in to post comments)

What's the point...

Posted Jun 7, 2012 0:01 UTC (Thu) by SEJeff (subscriber, #51588) [Link]

How about see if the password for your email is the same and perhaps social engineer from there? For many people, it wouldn't be so hard.

What's the point...

Posted Jun 7, 2012 2:12 UTC (Thu) by tetromino (subscriber, #33846) [Link]

> Send me some additional Job Offer spam?

More likely they will use your account to send spam and malware links to others. Also, they will be able to see any non-public information in your profile, which may be useful for spear-phishing attacks.

What's the point...

Posted Jun 7, 2012 18:35 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]

there has been a lot of linkedin related phishing going on over the last few months in any case.

What's the point...

Posted Jun 11, 2012 14:28 UTC (Mon) by nix (subscriber, #2304) [Link]

More likely they will use your account to send spam
... which is distinguishable from what LinkedIn normally does how? (There's a reason all email from LinkedIn is rejected by my MTA.)

What's the point...

Posted Jun 7, 2012 2:41 UTC (Thu) by decaffeinated (guest, #4787) [Link]

I know the answer to this one:

a) suppose you chose a standard username for all of the accounts that you care about (could be, for example, your e-mail addr).

b) suppose you used the same password for all of the accounts that you care about.

Suppose all of the accounts that you care about include:

linkedin.com
your_cking_acct.com
your_brokerage_acct.com

Ooops. Okay...I know LWN readers don't do this, but I'll bet other netizens do.

What's the point...

Posted Jun 10, 2012 10:04 UTC (Sun) by nicolas@jungers (✭ supporter ✭, #7579) [Link]

Well, my slashdot account an my (now cancelled) LinkedIn account share the same password, and... my LWN account.

What's the point...

Posted Jun 7, 2012 4:40 UTC (Thu) by dirtyepic (subscriber, #30178) [Link]

Send invites from compromised accounts to non-members in order to acquire fresh passwords? Or is it a coincidence that I've received 6 of these emails in the last 3 days (up from 0).

What's the point...

Posted Jun 7, 2012 9:28 UTC (Thu) by DavidS (subscriber, #84675) [Link]

That might also be all those who never look at their linkedin profile, now change there password and notice, that, oh! look I could invite someone!

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds