In this week’s Cyber Blurbs Roundup, we take a look at a bad week for some (500 million) LinkedIn users, an unfortunate discovery for Mark Zuckerberg, and the latest vulnerability tied to everybody’s favorite video conferencing platform.
LinkedIn User Data Up for Sale
Just about a week after Facebook saw the data of more than 500 million of its users hit the web for free, LinkedIn finds itself dealing with a similar problem. Approximately 500 million users belonging to the popular professional networking platform have had their information scraped and put up for sale. This story was first published by Cyber News.
The archive of offered information is said to include user IDs, names, email addresses, phone numbers, professional titles, and links to other social media accounts. The hacker is said to be asking for a whopping four-figure sum.
LinkedIn wasted little time in providing some clarity, claiming the information was not actually scraped from its own site.
“Members trust LinkedIn with their data, and we take action to protect that trust,” the company wrote in a statement. “We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies. It does include publicly viewable member profile data that appears to have been scraped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.”
As was the case with the Facebook dilemma, the LinkedIn user data could provide malicious actors with more information for targeted phishing attacks. As a reminder, please don’t click on links from unfamiliar phone numbers or email addresses. As an additional reminder, please consider using a password manager to better secure all of your accounts.
Those worried about a potential breach to their LinkedIn account can visit this website to check.
Most iOS Users Expected to Deny Tracking Requests
Facebook’s worst nightmare is coming to fruition.
According to an analysis conducted by mobile marketing and attribution company AppsFlyer, about 68% of iOS users are expected to deny apps that request permission for tracking once iOS 14.5 is released (h/t MacRumors). For those unaware (and there’s no reason you should be — we talk about this in some capacity almost every single week), iOS 14.5 is set to provide users with greater control over their privacy. As part of Apple’s App Tracking Transparency initiative, mobile developers will soon be required to receive explicit permission from their users to track them across apps and websites for targeting purposes.
AppsFlyer’s analysis included 300 apps across 2,000 devices, resulting in a median opt-in rate of just 32%.
Facebook has more than done its part to try and force the actual metrics to deviate a touch, initiating an anti-Apple campaign over the last year. From UI notifications all the way to full-page newspaper ads, Facebook has argued that Apple’s focus on privacy will have a massively negative impact on the mobile advertising industry — a sector that has historically flourished thanks largely to its ability to accurately target users with curated advertisements.
Apple released a white paper this month, further detailing its move toward user privacy.
“Over the past decade, a large and opaque industry has been amassing increasing amounts of personal data,” the company writes. “A complex ecosystem of websites, apps, social media companies, data brokers, and ad tech firms track users online and offline, harvesting their personal data. This data is pieced together, shared, aggregated, and used in real-time auctions, fueling a $227 billion-a-year industry.”
You can read that white paper in its entirety here.
Mark Zuckerberg Uses Signal
Now for a quick laugh: Mark Zuckerberg uses Signal. That’s of note, of course, because Zuckerberg’s Facebook, Inc. just so happens to own Signal’s largest competitor, WhatsApp.
News of Zuckerberg’s affinity for the secure and encrypted messaging app broke shortly after it was determined that he was among the 533 million people whose data was leaked to the public as part of a Facebook data breach earlier this month. Zuckerberg’s phone number was leaked and found to be linked to an account on Signal.
The Zuckerberg-Signal connection comes just a few months after the Facebook-owned WhatsApp suffered a massive PR hit that allowed Signal to flourish. WhatsApp, once considered a go-to for privacy enthusiasts, announced plans to update its privacy policy that would enable the app to share some user data with other Facebook, Inc. subsidiaries (including Facebook). Signal surfaced as a more-than-serviceable alternative as WhatsApp users flocked to different platforms.
Researchers Cash in on Zoom Bug
The bad news: Zoom was discovered to have a critical vulnerability that could have targeted host machines without user interaction. The good news: That vulnerability was discovered by a group of white-hat cybersecurity pros (AKA the good guys!).
Daan Keuper and Thijs Alkemade of Computest netted $200,000 for discovering the issue as part of Pwn2Own, a contest organized by the Zero Day Initiative that encourages cybersecurity researchers to actively seek out vulnerabilities in participating products.
The attack is said to work on the desktop application for both Mac and Windows. The browser version of the app is said to be without issue.
"The attack must also originate from an accepted external contact or be a part of the target's same organizational account," Zoom said in a statement to Tom’s Guide. "As a best practice, Zoom recommends that all users only accept contact requests from individuals they know and trust."
Zoom has yet to patch the security issue.
At least three other groups secured six-figure checks during the contest for vulnerabilities in Safari ($100,000), Microsoft Exchange ($200,000), and Microsoft Teams ($200,000). You can take a look at a live recap for Pwn2Own here.