Everyone is connecting with social network from a common person to a celebrity and with this they also share their personal data. Everyone rely on the social network and shares all details with their personal email address. And many of them makes their some of the personal details private, but what if they won't be private any more. Worse is the case in which social media platform itself exposes your data in the name of marketing.
Same this happens with the professional's social network 'LinkedIn'. LinkedIn allows you to connected with person to you know by professional or personal. It also have the another good feature by which you can ask to be introduced to someone you’d like to meet by sending a request through someone who bridges your separate social networks. Celebrities, executives or any other LinkedIn users who wish to avoid unsolicited contact requests may do so by selecting an option that forces the
requesting party to supply the personal email address of the intended recipient.
But bad for LinkedIn that its inbuit feature creates a problem for its users. LinkedIn finding friends features leaks the user personal email address. According to the researcher from Wash. based security firm Rhino Security Labs, explained this issue and clarify how an attacker can target a users or celebrity email address. With the low-tech hack also users can targets celebrities, entrepreneur email address.
Explanation-
When you sign up for a new account, for example, the service asks if you’d like to check your contacts lists at other online services (such as Gmail, Yahoo, Hotmail, etc.). The service does this so that you can connect with any email contacts that are already on LinkedIn, and so that LinkedIn can send invitations to your contacts who aren't already users.
LinkedIn assumes that if an email address is in your contacts list, that you must already know this person. But what if your entire reason for signing up with LinkedIn is to discover the private email addresses of famous people? All you’d need to do is populate your email account’s contacts list with hundreds of permutations of famous peoples’ names — including combinations of last names, first names and initials — in front of @gmail.com, @yahoo.com, @hotmail.com, etc. With any luck and some imagination, you may well be on your way.
When you import your list of contacts from a third-party service or from a stand-alone file, LinkedIn will show you any profiles that match addresses in your contacts list. More significantly, LinkedIn helpfully tells you which email addresses in your contacts lists are not LinkedIn users.
It’s that last step that’s key to finding the email address of the targeted user to whom LinkedIn has just sent a connection request on your behalf. The service doesn't explicitly tell you that person’s email address, but by comparing your email account’s contact list to the list of addresses that LinkedIn says don’t belong to any users, you can quickly figure out which address(es) on the contacts list correspond to the user(s) you’re trying to find.
Same this happens with the professional's social network 'LinkedIn'. LinkedIn allows you to connected with person to you know by professional or personal. It also have the another good feature by which you can ask to be introduced to someone you’d like to meet by sending a request through someone who bridges your separate social networks. Celebrities, executives or any other LinkedIn users who wish to avoid unsolicited contact requests may do so by selecting an option that forces the
requesting party to supply the personal email address of the intended recipient.
But bad for LinkedIn that its inbuit feature creates a problem for its users. LinkedIn finding friends features leaks the user personal email address. According to the researcher from Wash. based security firm Rhino Security Labs, explained this issue and clarify how an attacker can target a users or celebrity email address. With the low-tech hack also users can targets celebrities, entrepreneur email address.
Explanation-
When you sign up for a new account, for example, the service asks if you’d like to check your contacts lists at other online services (such as Gmail, Yahoo, Hotmail, etc.). The service does this so that you can connect with any email contacts that are already on LinkedIn, and so that LinkedIn can send invitations to your contacts who aren't already users.
LinkedIn assumes that if an email address is in your contacts list, that you must already know this person. But what if your entire reason for signing up with LinkedIn is to discover the private email addresses of famous people? All you’d need to do is populate your email account’s contacts list with hundreds of permutations of famous peoples’ names — including combinations of last names, first names and initials — in front of @gmail.com, @yahoo.com, @hotmail.com, etc. With any luck and some imagination, you may well be on your way.
When you import your list of contacts from a third-party service or from a stand-alone file, LinkedIn will show you any profiles that match addresses in your contacts list. More significantly, LinkedIn helpfully tells you which email addresses in your contacts lists are not LinkedIn users.
For the same researcher Mark Cuban had used to sign up for LinkedIn. Seely said they found success in locating the email addresses of other celebrities using the same method about nine times out ten. Cuban says -
“We created several hundred possible addresses for Cuban in a few seconds, using a Microsoft Excel macro,” Seely said. “It’s just a brute-force guessing game, but 90 percent of people are going to use an email address that includes components of their real name.”
This something like social engineering or luck by chance. We like to here from our readers that, What they think about this features of social media platform? Any suggestion or recommendation to prevent this from users end? Share your views on the comment box.
Source: Krebson security