Business

Updated every Monday!   Subscribe to free weekly newsletter.

Is LinkedIn Telling it Straight?

Last week, LinkedIn, a site where professionals network with each other, sent some users this less-than-urgent email:

LinkedIn email

However, at the same time, LinkedIn’s chief technology officer posted this more dire warning on the company’s official blog:

*MOUSE PRINT:

In 2012, LinkedIn was the victim of an unauthorized access and disclosure of some members’ passwords. At the time, our immediate response included a mandatory password reset for all accounts we believed were compromised as a result of the unauthorized disclosure. Additionally, we advised all members of LinkedIn to change their passwords as a matter of best practice.

Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach.

UPDATE: May 18, 5:30 p.m. PT

We’re moving swiftly to address the release of additional data from a 2012 breach, specifically:

We have begun to invalidate passwords for all accounts created prior to the 2012 breach​ that haven’t update​d​ their password since that breach. We will be letting individual members know​ ​if they need to reset their password.

So he’s saying that maybe over 100 million emails addresses and passwords (actually 117 million according to news reports) were stolen previously and are now for sale, and not just the 6.5 million originally believed.

It seems that their casual email to members seriously underplays the seriousness of the situation. And as we’ve said before, the worst mouse print is the disclosure that is not made.

UPDATE MAY 25:

LinkedIn just sent a “Notice of Data Breach” to registrants outlining in more detail what happened. (They must have read Mouse Print* this week. )

Updated every Monday!   Subscribe to free weekly newsletter.

“Use Only in the Case of an Apocalypse”

Just in time for April Fool’s Day…

Amazon recently released a software gaming platform for developers called Lumberyard. Buried in its terms and conditions is this unexpected little ditty:

*MOUSE PRINT:

57.10 Acceptable Use; Safety-Critical Systems. Your use of the Lumberyard Materials must comply with the AWS Acceptable Use Policy. The Lumberyard Materials are not intended for use with life-critical or safety-critical systems, such as use in operation of medical equipment, automated transportation systems, autonomous vehicles, aircraft or air traffic control, nuclear facilities, manned spacecraft, or military use in connection with live combat. However, this restriction will not apply in the event of the occurrence (certified by the United States Centers for Disease Control or successor body) of a widespread viral infection transmitted via bites or contact with bodily fluids that causes human corpses to reanimate and seek to consume living human flesh, blood, brain or nerve tissue and is likely to result in the fall of organized civilization. [emphasis added]

So only if science fiction zombies come to life, then and only then, can this software be used to save lives.

The world can rest easy now. Thanks, Amazon.

Updated every Monday!   Subscribe to free weekly newsletter.

Is it a News Story or Is it an Advertisement?

 Every day, MrConsumer scours the Internet to find the 25 or so stories that we feature in Consumer World each week. And it should come as no surprise that Google News is a primary source. Last week, when searching for news stories one day, this was what Google News presented:

Google result

The very first result looked like a great story to bring to the attention of Consumer World readers — “10 Ways You’re Throwing Money Away Daily.” Upon clicking the link, one is brought to that story on the LA Times website:

latimessmall1
Click on picture to expand to full size,
click resulting picture if necessary to enlarge,
and scroll to the top.

It is a very long story offering all these tips, with appropriate graphics for each one. Tip #3 caught our eye, suggesting that money could be saved on eyewear by purchasing a vision plan:

eye tip

The link presented in the tip takes the reader to VSP — Vision Service Plan — where it purports to show dramatic savings on a pair of eyeglasses. And one can enroll in the plan right there.

Pretty clearly, this whole long story providing savings tips had a single purpose — to drive readers to this insurance plan. But it was a news story, right?

Scrolling back to the top of the page, the secret is revealed:

*MOUSE PRINT:

disclaimer

There it is. “Advertisement” in tiny letters (actual size). Did you catch it when you first looked at the full graphic above? Do you think that most people caught it?

This whole “story” that went on and on, page down after page down about eight times, was actually an ad, and not editorial content presented by the LA Times. This is called “native advertising” where the content is made to fit it more with the surrounding content on a webpage and appear less like an advertisement.

We wrote to the LA Times and explained how something like this could mislead readers. We asked some very pointed questions about this manner of presenting advertising with such a small disclaimer, how it wound up in Google as a news story, and if they were going to try to fix the problem. They responded:

“…the advertisement in question is clearly labeled as such and the only path for readers to find that content was intended to be via an latimes.com panel that is also clearly labeled as advertising. However, your inquiry brought our attention to the fact that although this ad – and others of the same ilk – is not included in our News SiteMap and the page has “noindex nofollow” directives, there appears to be a technical glitch with Google News. We are working with Google to find out why the content is indexed incorrectly and have the issue fixed as soon as possible. In the meantime, we have removed the advertisement from our site to eradicate potential for further confusion.” — V.P. Communications, Los Angeles Times

While we are gratified that the paper acted so quickly to remove the advertisement, they seem not to have a problem with such a small disclaimer at the top. We hope they will reconsider that position, and if they continue to display advertisements that look identical to news stories, that they will take further steps to more clearly identify and differentiate that kind of content.