Subscriber Discussion

LinkedIn Has Been Hacked

Jon Dillabaugh
May 20, 2016
Pro Focus LLC

LinkedIn has been hacked and 117M user accounts are being shopped by the alleged assailants.

We should all change our passwords ASAP, but do we stop there? Since it is apparent that LI doesn't have the ability to secure our data, should we close our accounts and cease usage of LI? Should we sue them for the breach? Do they have a hacking clause? Would it matter?

Hypothetically, what if this had happened to IPVM? Would the size/scale of the org change your opinion? Would you be more or less offended knowing IPVM had been hacked vs LI?

Keefe Lovgren
May 20, 2016
IPVMU Certified

a few months back i launched netflix on our roku at home, a window popped up showing that they have changed their privacy statement and that I would need to agree to it in order to continue... being that guy who reads eulas and privacy statements i read it... the change i had noticed from previous was to their "Security" section:

Security

We believe we use reasonable administrative, logical, physical and managerial measures to safeguard your personal information against loss, theft and unauthorized access, use and modification. Unfortunately, no measures can be guaranteed to provide 100% security. Accordingly, we cannot guarantee the security of your information.

what was my response to netflix saying they cannot protect my information? i cancelled my account and had them remove all cc and customer information relating to my account... since then i have opened a new account using a burner cc and email address so if that information gets stolen it won't be a major setback... were my actions justified? in my mind yes because they were telling me outright that my information is not safe while in their possession... i have since then realized that they take many proactive steps to protect that as best as they can and i also have the responsibility to do the same...

maybe my rambling may have fit better under the hikvision thread that has been burning up for the past week rather than this one but this one brought my situation to mind...

Jon Dillabaugh
May 20, 2016
Pro Focus LLC

While I think your response was appropriate given the circumstances, did you also do the same for all other aspects of your life, or was it only for Netflix?

My point is this, do you feel less secure just because Netflix (and Hik) have given you notice? Or do you now treat all companies with the same guarded distrust? Would you shop at Target?

I think people overreact to some things and then have blinders on when it comes to others. If you feel that Netflix is so untrustworthy, then assuredly you feel the same about Hulu, no?

Keefe Lovgren
May 20, 2016
IPVMU Certified

"While I think your response was appropriate given the circumstances, did you also do the same for all other aspects of your life, or was it only for Netflix?"

no not only for netflix, i take managing my financial information seriously... if other companies came out and said that my information wasn't secure i would respond accordingly and find a way to protect my information...

"My point is this, do you feel less secure just because Netflix (and Hik) have given you notice? Or do you now treat all companies with the same guarded distrust? Would you shop at Target?"

i wouldn't say i feel less secure, just aware that i have to manage my information differently... i don't shop at target.

"I think people overreact to some things and then have blinders on when it comes to others. If you feel that Netflix is so untrustworthy, then assuredly you feel the same about Hulu, no?"

sure there may be several other places whose services i use that haven't come out and said anything in regards to private information not being secure, once it comes out though i will adapt to it... it is minor changes that have to be made on my end and i am fine with that... as far as hulu i don't use their service so i cannot comment on that.

Jon Dillabaugh
May 20, 2016
Pro Focus LLC

So, you think if Hulu, for instance, doesn't have any mention of account security in their EULA or T&Cs, you are somehow safer?

To me, that is ludicrous. I would treat them all the same. If you don't trust Netflix with your info, how could you possibly trust anyone? I'm not standing up for Netflix here, I'm saying if your data is that crucial, you would think you would ALWAYS be prudent.

Maybe someone like Hulu has simply forgotten to mention security and privacy?

Undisclosed #1
May 20, 2016

"Hypothetically, what if this had happened to IPVM? Would the size/scale of the org change your opinion? Would you be more or less offended knowing IPVM had been hacked vs LI?"

It is not hypothetical

it did happen

Undisclosed Manufacturer #2
May 20, 2016

Over time, some type of hack has/will impact nearly any online presence.

I spent 12 hours cleaning up one last weekend that breached a vhost account, found an outdated CMS framework, changed all sorts of .php files and did a number of other things merely to carve out a slice of space to attempt to get people (who were being emailed) to update their "bank" info; in Italian no less.

The target was not to gain anything from the visitors of the legit website, or its content, or any of that. Just a hack looking for a place to land.

To a large degree you have to assess the intent and scope of the attack (which in many cases you will not be fully privy to) before casting really negative reactions merely based on hearing that a site was "hacked."

John Honovich
May 20, 2016
IPVM

We had an internal leak 2 years ago. It was a member data report, including emails but no credit card information and one-way salted / encrypted passwords. We eliminated all external reports even before that happened but a copy was leaked subsequently.

We also immediately emailed all members at that time and forced changing passwords, as a precaution.

Undisclosed #3
May 20, 2016
IPVMU Certified

Leak != Hack

Jon Dillabaugh
May 20, 2016
Pro Focus LLC

You're right. They were separate acts. It was nearly 4 years ago that LI was hacked. It is just now that the stolen data is being leaked.

Are you saying they weren't hacked?

Undisclosed #3
May 20, 2016
IPVMU Certified

I was referring to IPVM

Undisclosed #4
May 20, 2016

You are saying that if an employee decides to release documentation that they - as an internal employee - have access to... that this is what you consider a 'hack'?

I do not.

Undisclosed #3
May 20, 2016
IPVMU Certified

I do not either, as I said:

Leak != Hack or Leak <> Hack
