Story image

LinkedIn feature exposing user data

01 Oct 11

The threat landscape has changed significantly in the last six to 12 months. The rise of social media has meant malware attacks can be created and spread quickly. To make matters worse, freely available hacking tools which can be used to harvest personal information from Facebook, Twitter or LinkedIn accounts, can be easily downloaded online.
A social network’s most valuable assets are users and their information. With this in mind, we can reasonably expect that, at some point, new features which deliberately or accidentally expose users’ data to other parties outside of their network (either other users or advertisers) might be rolled out. Most services have taken legal provisions and stipulated in their Terms of Service that they can freely access and ‘associate’ your content with your picture and name.
Business social network, LinkedIn, recently introduced a new feature that actually makes your profile information, including names and photos, available for third-party ads. What’s worrying is that the feature has been turned on by default across the platform without your warning or consent.
Given that the very principle behind the creation and operation of LinkedIn is ensuring users’ visibility within various professional circles, it could be argued that all of its members have agreed to some degree of exposure, and that they should all be entitled to have easier access to crucial information such as their name and photo being used by the platform for search purposes.
Generally speaking, there are a few little things that could be done in order to avoid these privacy invasions. The big question is whether social networks could do more to help users understand when changes are made and what the implications are.
Tips on safeguarding your LinkedIn presence
Users who would like to opt-out of this feature need to visit their account settings page, choose the Account tab, and click on the Manager Social Advertising link. On the frame that pops up, you have to uncheck the LinkedIn may use my name, photo in social advertising box.
We advise social networking users to carefully control the information they publish on such websites in order to minimise the impact of any data leaks.
There are a number of free tools available to keep computer users safe, from software that scans a users Facebook profile and prompts them about potential issues with their privacy settings to offerings which protect against Autorun exploits for removal storage devices and prevent malware from spreading via the devices.
Making it harder
If your social media networks have ever been hacked into, there are steps to follow to make it harder for scammers to hack your information in future:

  • Change the passwords to all of your social media accounts

  • Check if any of your emails have been set to be forwarded to another email account

  • Always avoid using the same password for several online accounts

  • Never store copies of your passwords or login information in your email inbox

LinkedIn is a great platform for the channel to reach out to its target audience of business decision makers. However, malware writers and hackers are also taking notice of the increased use of social networks as a means for businesses to engage with their customers, and are devising new
ways of exploiting the inherent trust we place in individuals or businesses who we’ve added to our social circle. It is important then, for the channel to recognise the need to safeguard their presence not only on LinkedIn, but also across other social media platforms they are active in. 

Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
How blockchain will impact NZ’s economy
Distributed ledgers and blockchain are anticipated to provide a positive uplift to New Zealand’s economy.
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Review: Blue Mic’s Satellite headphones are good but...
Blue Mic’s newest wireless headphones deliver on sound, aesthetic, and comfort - but there is a more insidious issue at hand.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
Forcepoint and Chillisoft - “a powerful combination”
Following Chillisoft’s portfolio expansion by signing on Forcepoint, the companies’ execs explain how this is a match made in cybersecurity heaven.
David Hickling in memoriam: “Celebrate the life and the music it made”
Dave was a well-respected presence in the IT channel and his recent death was felt by all the many people who knew him as a colleague and a friend.