Comment by noja
5 months ago
They were evil before.
Previously they’d take your LinkedIn password and try using that to log in to your email account to grab your contacts.
5 months ago
They were evil before.
Previously they’d take your LinkedIn password and try using that to log in to your email account to grab your contacts.
Wasn't this also how some services would connect e.g. your bank accounts? They'd ask for your credentials and log into your bank to scrape its contents.
And I kinda get it, some services external to your bank can help you manage your finances etc. But it's why banks should offer APIs where the user can set limited and timed access to these services. In Europe this is PSD2 (Revised Payment Services Directive).
I think the key point is that they would take your Linkedin password and try to use that on your email without asking you, in case you reused passwords.
This is a big thing, is there any evidence? Not implausible unfortunately…
https://en.wikipedia.org/wiki/LinkedIn#Use_of_e-mail_account...
This sounds absolutely insane.
Ok I didn't know that. Very good point. Wow.
The linked wikipedia article below says that they asked you for your email password specifically -- is there any evidence that they would try to use your linkedin password itself?