Ask a Data Protection Officer!

LinkedIn misplaces 700 Mil. user data! Yours too?

9 July 2021

Welcome to Ask a Data Protection Officer, today finally once again with a huge data scandal, this time around the business platform LinkedIn. The diligent data vultures of this cute business platform have managed to lose more than 90% of all user data to hackers for the second time in one year. If they keep it up, LinkedIn might manage a hat trick and lose all user data the third time around. They are only 50 million short of that, and that’s just 10% of the first leak, so toi, toi, toi on your way to becoming the world champion in professional privacy abuse!

What exactly happened? In April 2021, just three months ago, LinkedIn lost 500 million users’ data through a data leak. In response, the company worked diligently on security, but the “juggling their balls and sitting it out” was probably not quite enough, because a few days ago, at the end of June 2021, the next bad news for us users followed. This time, 700 million user records, another 200 million more, another 50% on top, have surfaced on the dark net. Well, LinkedIn seems to be relatively uninterested in this topic, since both the first and the second time the users were not notified by the company itself but through various other media. This also raises the question, “Would LinkedIn know about this without outside reporters?” If so, why don’t they inform the users themselves… and why don’t they close the leak effectively…? From the operators of the largest business platform in the world we may well expect compliance and continuous monitoring and testing of data security, may we not?

Now let’s see how you can find out if you are affected by this data leak. You can use websites like “haveibeenpwned”. There you enter the email address of your LinkedIn account and press the button that says “pwned?”. If you are affected by the data leak, this will be displayed after a few seconds.

If you are directly affected by the hack, I have linked you to an article from WBS. There you will find a form with which this law firm helps you to claim damages from LinkedIn. The more users, the higher the pressure, and as everyone knows, when the pressure rises the colon breaks. Eh, dam, dam, dam of course. If everything is okay and your LinkedIn account is not directly affected, you will get this green message.

That’s not absolute certainty, of course, but it’s a good start. Since LinkedIn shows little effort to handle such massive data leaks dutifully, it can’t be ruled out that they are still losing user data. Because caution is the mother of porcelain, you should in any case renew your LinkedIn password at very regular intervals. I have linked a video for you on how to choose secure and secret passwords and manage them well. I recommend renewing your LinkedIn password at least once a month, because LinkedIn does not want to offer security.

However, this only protects you from having your account taken over by others without your knowledge. If one of your connected contacts is affected by the hack, hackers might be able to get information about you that you have only shared with your contacts, for example your phone number, resumes, etc. Therefore, regardless of whether you are affected or not, you should check your privacy settings. [What a mouthful in this context, privacy settings.]

To do this, log into LinkedIn, click on your profile picture in the top right corner, and select “Settings & Privacy”. You are then directly on the page “Privacy hypocrisies that are supposed to mislead you”. There you first request a “copy of your data”. After about 24 hours you will receive an email with your data and can get an overview of what LinkedIn knows about you. In addition, you should carefully check all privacy settings and set them so that you know exactly who can see what about you and when.

What you select here is up to you, but my recommendation is to turn off everything that is not absolutely necessary. By this I also mean phone numbers, as well as resumes, interests, simply everything. This is information that you should only share with the people you specifically and consciously select yourself.

1. Copy of your data

2. Deactivate Cookie settings

3. Check visibility of your information

Now comes the point of protecting yourself against careless use of LinkedIn by your connected contacts. As always, inform and evaluate. Send your contacts a personal message, preferably via LinkedIn or email, and inform them about the problem.


Your Contacts Message Template

Hello #NAME#,

In the past few days LinkedIn was again affected by a major hack that affected 700 million users’ data. I would like to help you check the security of your account and protect it from damage. That’s why I’m sending you a guide that helped me to better understand the issue and get clear help on settings and further measures.

You can find the article with the instructions here: https://www.datenschutz-ist-pflicht.de/en/faq/data-protection/linkedin-misplaces-700-mil-user-data-yours-too/

I hope you are not affected by the problem and can learn valuable things about your privacy settings on LinkedIn.

See you soon and best regards,
#YOUR_NAME


This way you have checked your own LinkedIn account, secured it and selected your privacy settings in such a way that future data leaks can no longer affect you so severely.

But even this does not protect you from being affected by hacked accounts of your connected contacts. I’ll be happy to explain how something like this can happen and what possible negative consequences it could have for you in another video, if that’s of interest to you. So write to me in the comments if you want to see that, and tell me what you think of LinkedIn and Microsoft’s handling of your sensitive data.

Because it’s actually kind of weird. These greedy managers treat our data like their rightful property to generate profit. But when it comes to protecting this asset, they ignore every rule and put security last. How do they handle other property? Is the door at Microsoft open so that everyone can just take away what they like? Probably not. Therefore, dear Ryan Roslansky and Satya Nadella, your behavior is economically negligent and morally reprehensible. CEOs are leaders, and as such you have a role model function to fulfill. This is not an optional right. It is an all-encompassing duty!
