• TWeaK@lemm.ee
    link
    fedilink
    arrow-up
    10
    ·
    1 year ago

    I use unique email addresses for everything, and while this doesn’t happen now LinkedIn remains one of two websites I’ve ever signed up to that started spamming my email address immediately after signing up. The email address doesn’t even actually exist, it was only ever used in their account creation page, so I know it was them that compromised it.

    If you remember how LinkedIn started out this is in no way surprising. They’ve always been worse than Facebook.

    • 乇ㄥ乇¢ㄒ尺ㄖ@infosec.pub
      link
      fedilink
      arrow-up
      1
      ·
      10 months ago

      I don’t get it, if the email you used doesn’t exist, how did you know they’re spamming you ? since there is no inbox for you to see !

      I’m not saying they won’t use it for something else, like targeted ads, but usually the moment you sign up, they’ll start asking you to sign up for premium, they’re spammy in the way they do it, I literally had to hibernate my account.

      • TWeaK@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        ·
        10 months ago

        The email address I give out doesn’t exist, but whenever sends me an email to an address that doesn’t exist it gets forwarded via the back-end of my email server to my actual email inbox. So I receive emails sent to those addresses, and the email I receive has the non-existent email address in the “To” field.

        I end up sending email from this actual email, but I spoof the “From” email to the non-existent one. I’ve actually been planning on changing this, because it’s possible for people to read the header information and determine my actual email address. What I’m thinking of doing is creating “noreply@mydomain.com” with a 0MB mailbox, and then using that for all outbound emails.

        And yeah, like I say, after doing this for many years I generally get very little spam. There are a couple websites that apparently got hacked, their emails get spam, and things like my voter registration email (which is in the public domain) gets all sorts of crap. But LinkedIn was unique in that the spam started immediately. The only other website that this happened with was AdultFriendFinder.

        Maybe the websites were compromised when I signed up on those occassions. My most recent LinkedIn account did not have this happen. However, it certainly fits the pattern of behaviour from LinkedIn, and furthermore that recent LinkedIn email also gets its share of spam these days, and it’s spam that’s related to the industry I work in. LinkedIn aren’t supposed to be giving this email out, and yet people get it somehow.

        • 乇ㄥ乇¢ㄒ尺ㄖ@infosec.pub
          link
          fedilink
          arrow-up
          1
          ·
          10 months ago

          The email address I give out doesn’t exist, but whenever sends me an email to an address that doesn’t exist it gets forwarded via the back-end of my email server to my actual email inbox. So I receive emails sent to those addresses, and the email I receive has the non-existent email address in the “To” field.

          Oh, so it’s like you create an email on the fly and it forwards it to your actual email

          that’s related to the industry I work in. LinkedIn aren’t supposed to be giving this email out, and yet people get it somehow.

          when was the last time you used LinkedIn?, it has suffered a data breach ( I mean it does all the time ) but the last breach that I remember which happened not so long ago, caused 92 ℅ people’s data to get leaked

          • TWeaK@lemm.ee
            link
            fedilink
            English
            arrow-up
            1
            ·
            10 months ago

            Oh, so it’s like you create an email on the fly and it forwards it to your actual email

            Exactly! Except it’s not a regular forward, there isn’t a send action, it’s just moved into my email inbox.

            when was the last time you used LinkedIn?

            A month or two ago. I’m sure my data has been breached a few times. However, that doesn’t exactly absolve them - I wouldn’t be surprised if some of the “breaches” were in fact commercial agreements, when it comes to them.

            LinkedIn have always been scummy, since their inception. Their original trick was to get you to provide your email login details, then they would log in to your email and spam all your contacts telling them to join. That was literally how they established themselves in the market. This was back in the MSN chat days.