The same threat actor has leaked larger amounts of data from LinkedIn dated 2023. They claim this new data contains 35M lines and is 12 GB uncompressed.

  • spudwart@spudwart.com
    link
    fedilink
    English
    arrow-up
    29
    arrow-down
    11
    ·
    1 年前

    Was surprised at first, then I went to go log in to change my password.

    And then it said I was emailed a 2FA code… the code was part of the email header.

    Now I’m completely unsurprised this happened.

    • kungen@feddit.nu
      link
      fedilink
      English
      arrow-up
      21
      arrow-down
      1
      ·
      1 年前

      I’m not sure what you’re implying here regarding headers? Email is insecure regardless; even when using SMTP with TLS, it’s not like the headers are exposed whereas the body would be encrypted or something.

        • kungen@feddit.nu
          link
          fedilink
          English
          arrow-up
          11
          ·
          1 年前

          well with PGP, the header is unencrypted

          Is there a single large company that even sends PGP email?

          logging into example.com with the user’s email and that 2fa code is going to be a breeze

          Sure, IF 1. you already have the user’s password, and 2. a new code wouldn’t be required/the previous code invalidated when initiating a new login session?

          Like, I’m not saying that 2FA codes via email is secure, but you’re implying that they are making a security hole via this - which I don’t see.

          • Phoenixz
            link
            fedilink
            English
            arrow-up
            5
            ·
            1 年前

            Pgp, the greatest program never used by anyone

            • brothershamus@kbin.social
              link
              fedilink
              arrow-up
              2
              ·
              1 年前

              I used it. For about 10 minutes. Then I read the help files. Then I searched. Then I used it some more. Then I uninstalled it.

              • jarfil@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 年前

                Unless you followed by installing gpg… then you failed. There are tons of uses for it, not necessarily encrypting emails (or more precisely, it kind of sucks at encrypting emails).

          • locuester@lemmy.zip
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            1 年前

            Yeah not following the logic. 2FA via email is insecure. Doesn’t matter where in the email. That person is confused about something.

    • corsicanguppy
      link
      fedilink
      English
      arrow-up
      18
      arrow-down
      3
      ·
      1 年前

      the code was part of the

      … part of the Subject header in the encrypted body of the message, you mean? What a nothing-burger.

      • jarfil@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 年前

        encrypted body of the message

        Encrypted what? LinkedIn lets you add a key/cert to send you encrypted emails?