
Should LinkedIn follow Facebook’s lead in data restriction controls?

Facebook's recent announcement to update its data restriction policies has prompted some researchers to examine other social media platforms to review their data practices as well.

Malwarebytes blogger William Tsing suggested other sites should consider following suit, especially LinkedIn, which has had its own history of breaches, vulnerabilities, and personal data leaks on both its web and iOS platforms. In May 2016 it became known that LinkedIn released additional information from a massive data breach suffered in 2012, with the credentials of more than 117 million of its members found for sale on the Dark Web.

The researcher points out that new LinkedIn profiles by default allow search engines to access a user's name, titles, current company and picture, and that even though users have the option to switch off the function, the information will still be indexed and remain public, according to the April 2, 2018 blog post.

The researcher also pointed out that users have no control over who their first-, second-, and third-degree connections are, despite each degree offering different restrictions on the amount of information made available before a user can even approve a connection.

A LinkedIn spokesperson told SC Media: "That is not correct. Members control their connections, who can see them (including keeping them private if they wish) and only first-degree connections can get access to your contact info on LinkedIn."

The spokesperson went on to say that "all profiles on LinkedIn are visible to enable people to find economic opportunity and leverage their networks."

“It's a trivial matter to observe a target's position within the network, join their peripheral interests or third-degree connections, then use the automatic increase in access to appear more trusted in a later attack,” Tsing said in the post. “There really isn't an effective defense against this sort of social network attack because it depends on every single member of the network being forever vigilant.”

Tsing went on to add that by reducing trust to a binary choice of “yes” or “no”, the barrier to entry for thieves is greatly reduced. The researcher also said LinkedIn hoards data and retains the rights to a user's information even after they delete their account.

It is unclear if other social media companies will follow Facebook's path of increased transparency and user control over data.

UPDATE: This story has been updated to include comments from LinkedIn.
