このサイトの安全性は分からず。。
●このアドレスは大丈夫そう。
▲このアドレスは3か所で流出。。。。
https://www.troyhunt.com/observations-and-thoughts-on-the-linkedin-data-breach/
The point is that the folks dealing with this incident today are cleaning up someone else's mess. I'm sympathetic to those dealing with the breach and as much as we may feel tempted to blame LinkedIn as an organisation, it's worth remembering there are people dealing with this that are having a pretty miserable time through absolutely no fault of their own.
But of course for me, one of the things at the forefront of my mind after such an incident is how I'm going to deal with the data as it relates to HIBP. This is a bit nuanced, so let me try and fully explain it here:
Have I been pwned
I want to talk about HIBP and the LinkedIn data in a moment, but I want to share a portion of an email I received from someone this weekend first:
I'm not sure if you're aware of leakedsource.com - it's vaguely similar to haveibeenpwned.com in that it allows visitors to find out if they appear in dumps, except it feels like it's being run with more criminal intent. In contrast to your site, they don't give any background on themselves, they also have a paid subscription which allows access to the entire database, including other people's details and plain text passwords. On top of that, to remove one's self from the database for free, you're expected to send even more personal data to them, and then it's done manually, for which they conveniently have a "huge backlog".
I've been aware of Leaked Source for a while and I have thoughts on how they operate which are similar to what's represented in the comment above. What the person who sent me that email wasn't aware of at the time though was that Leaked Source subsequently received some pretty stern words from LinkedIn, most notably the following:
We have demanded that parties cease making stolen password data available and will evaluate potential legal action if they fail to comply
0 件のコメント:
コメントを投稿