So I just got an email from LinkedIn saying that someone wanted to connect. About half of these are spam from recruiters who I have no connection to, and the other half are actual people I've worked with. This one was an actual person who works on the same open source project as me, so I added him.
And then the LinkedIn site said (roughly) "Add your email password! So we can manage your contacts for you! It's secure (picture of padlock)."
Ahem:
1. This is phishing. You should never give your email password to any site (except your actual email provider, since you need it there to log in). Your email password is the key to your entire online identity — if someone has your email password then he can, for example, look for emails from your bank to know which bank you use, then reset your online banking password and loot your bank account. (Of course LinkedIn is not actually planning to do that — but a rogue employee or someone who hacks into their systems might.)
Of course I'm not stupid enough to give them my password, but many people are. It's ridiculously irresponsible for them to ask for it.
2. Secure my ass. LinkedIn leaked 8 million users' passwords less than a year ago, because they were storing them in the database unsalted. Which is seriously negligent. They've probably fixed that particular bug, but there are probably plenty more.
3. They should know better than to put their marketing plans ahead of their users' security. They're not going to learn about security until it costs them users. So, scratch one user.