Saturday March 23, 2019
Home Lead Story LinkedIn Face...

LinkedIn Faced Probe For Facebook Ads Targeting 18 mn Non-Members

It is still not clear how LinkedIn got hold of those 18 million email addresses

0
//
Facebook, video chat
LinkedIn faced probe for Facebook ads targeting 18 mn non-members. Pixabay

An investigation by Ireland’s Data Protection Commission (DPC) found that LinkedIn had processed hashed email addresses of approximately 18 million non-LinkedIn members and targeted these individuals on Facebook without necessary permission, a new report has revealed.

The investigation covered the activities of the Microsoft-owned professional networking platform during the first six months of 2018, The Verge reported on Saturday.

In its report published on Friday, DPC said that it concluded its audit of LinkedIn Ireland Unlimited Company (LinkedIn) in respect of its processing of personal data following an investigation of a complaint notified to the DPC by a non-LinkedIn user.

The complaint concerned LinkedIn’s obtaining and use of the complainant’s email address for the purpose of targeted advertising on the Facebook.

The investigation revealed that that LinkedIn Corporation in the US did not have the required permission from the data controller – LinkedIn Ireland — to process hashed email addresses of 18 million non-LinkedIn members.

India has witnessed nearly 80 per cent growth in Human Resource (HR) analytics professionals in the past five years, global professional network site LinkedIn said on Tuesday.
LinkedIn reports that HR professional number grew by 80% in last 5 years in India. Pixabay

The complaint was ultimately “amicably resolved”, with LinkedIn implementing a number of immediate actions to cease the processing of user data for the purposes that gave rise to the complaint, DPC said in its report.

However, the body was “concerned with the wider systemic issues identified” in its report, and undertook a second audit to see if LinkedIn had adequate “technical security and organisational measures.”

Also Read- The Khashoggi Killing Creates Differences Between Trump And U.S. Lawmakers

DPC found that the site was “undertaking the pre-computation of a suggested professional network for non-LinkedIn members,” and ordered them to stop and delete associated data that existed prior to May 25 of this year, the day when General Data Protection Regulation (GDPR) came into effect.

“We appreciate the DPC’s 2017 investigation of a complaint about an advertising campaign and fully cooperated,” Denis Kelleher, Head of Privacy, Europe, the Middle East and Africa, for LinkedIn, told TechCrunch in a statement.

Facebook
Facebook, social media. Pixabay

“Unfortunately the strong processes and procedures we have in place were not followed and for that we are sorry. We’ve taken appropriate action, and have improved the way we work to ensure that this will not happen again,” Kelleher said.

As TechCrunch pointed out LinkedIn did not get fined in this process because until the implementation of GDPR at the end of May, the regulator had no power to enforce fines.

It is still not clear how LinkedIn got hold of those 18 million email addresses. (IANS)

Next Story

Experts Urging Users to Change their Facebook Passwords and Turn on Two-Factor Authentication

Facebook in a blog post on Thursday said that it had fixed the issue and will be notifying everyone whose passwords it found stored this way

0
Facebook
Facebook in a blog post on Thursday said that it had fixed the issue and will be notifying everyone whose passwords it found stored this way. Pixabay

After a report revealed around 200-600 million Facebook users may have had their account passwords stored in plain text and searchable by over 20,000 Facebook employees, cybersecurity experts are urging users to change their passwords and turn on the two-factor authentication (2FA).

So far the inquiry has uncovered archives with plain text user passwords dating back to 2012, according to the report published this week by KrebsOnSecurity, a blog run by journalist Brian Krebs.

Facebook in a blog post on Thursday said that it had fixed the issue and will be notifying everyone whose passwords it found stored this way.

“It’s perfectly possible that no passwords at all fell into the hands of any crooks as a result of this. But if any passwords did get into the wrong hands then you can expect them to be abused,” said Paul Ducklin, Senior Technologist at global cybersecurity firm Sophos.

facebook
Facebook said it had found no evidence to date that anyone internally abused or improperly accessed the passwords. Pixabay

“Hashed passwords still need to be cracked before they can be used; plaintext passwords are the real deal without any further hacking or cracking needed,” Ducklin added.

Facebook said it had found no evidence to date that anyone internally abused or improperly accessed the passwords.

“While the details of the incident are still emerging, this is likely an accidental programming error that led to the logging of plain text credentials. That said, this should never have happened and Facebook needs to ensure that no user credentials or data were compromised as a result of this error,” said John Shier, Senior Security Advisor at Sophos.

“This is also another reminder for people who are still reusing passwords or using weak passwords to change their Facebook password to something strong and unique and to turn on two-factor authentication (2FA),” Shier said. Turning on 2FA would mean that a password alone is not enough for crooks to raid your account, Ducklin added.

facebook
Turning on 2FA would mean that a password alone is not enough for crooks to raid your account, Ducklin added. Pixabay

Facebook also asked people to change their passwords “out of an abundance of caution”.

Earlier this month, Facebook came under scrutiny for using phone numbers provided for security reasons — like two-factor authentication (2FA) — for things like advertising and making users searchable by their phone numbers across its different platforms.

ALSO READ: New Zealand PM Jacinda Ardern Receives Death Threats on Social Media

“Another security measure users can implement to strengthen their digital security postures is to use different passwords for different online accounts. Don’t use your Facebook password for any other login, particularly for personal/professional email accounts or online banking,” said Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies Limited.

“It is also a good practice to log out whenever not using Facebook, even on mobile devices,” Katkar added. (IANS)