CUSO-News---Payments-Report

Written by Cyndie Martini
on January 16, 2020

People put up public profiles to help them find jobs and connect with colleagues. For many of us, this means LinkedIn. It's not uncommon for companies to request your LinkedIn profile URL when you submit a job application. Keeping your LinkedIn profile updated is also important. Everything from your job history, education history, and skills to a little personal information about you is available for all to see. All of this is harmless, right? After all, the company behind LinkedIn is one of the largest technology companies on the planet — Microsoft.

Not so fast. An October 2019 hack of an unsecured Elasticsearch server exposed the profiles of 1.2 billion people. If no one created profiles directly with Elasticsearch, where did all of this data come from? In short, aggregation services. These services scrape information from websites such as LinkedIn and dump it into a server such as the one at Elasticsearch. In this case, the two aggregators were People Data Labs (PDL) and Oxydata.

LinkedIn does allow users to control how much information they display publicly. But getting the most out of LinkedIn requires exposing much of a user's profile. Not exposing the profile defeats the purpose of using LinkedIn.

Because these aggregation services have no access to login information, user logins are still protected with LinkedIn. However, it isn't much of a stretch that, with such a detailed profile, a hacker can track down the user's email address, which is often the one used as their login for banks. With half of the login already resolved, it's just a matter of figuring out the password. Depending on which security measures the user has taken, such a task may not be all that difficult. Because 83% of users use the same password across multiple websites, they'll be open to multiple security threats.

Securing accounts with good security practices is great, but making profile information public can introduce a new security threat. Thanks to unseen aggregation services, this is the new reality going into 2020.


