Last week, LinkedIn, a site where professionals network with each other, sent some users this less-than-urgent email:

However, at the same time, LinkedIn’s chief technology officer posted this more dire warning on the company’s official blog:

*MOUSE PRINT:

In 2012, LinkedIn was the victim of an unauthorized access and disclosure of some members’ passwords. At the time, our immediate response included a mandatory password reset for all accounts we believed were compromised as a result of the unauthorized disclosure. Additionally, we advised all members of LinkedIn to change their passwords as a matter of best practice.

Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach.

…

UPDATE: May 18, 5:30 p.m. PT

We’re moving swiftly to address the release of additional data from a 2012 breach, specifically:

We have begun to invalidate passwords for all accounts created prior to the 2012 breach​ that haven’t update​d​ their password since that breach. We will be letting individual members know​ ​if they need to reset their password.

So he’s saying that maybe over 100 million emails addresses and passwords (actually 117 million according to news reports) were stolen previously and are now for sale, and not just the 6.5 million originally believed.

It seems that their casual email to members seriously underplays the seriousness of the situation. And as we’ve said before, the worst mouse print is the disclosure that is not made.

UPDATE MAY 25:

LinkedIn just sent a “Notice of Data Breach” to registrants outlining in more detail what happened. (They must have read Mouse Print* this week. )

It seemed like a fine school. The University of Northern New Jersey had both undergraduate and graduate programs. It specialized in business administration, computer science, and health sciences. It was accredited by two organizations and maintained an elaborate website for students and prospective students.

The school had its own Facebook page:

The university was recognized by the state of New Jersey’s Department of Higher Education:

There was just one problem.

*MOUSE PRINT:

The university was fake. It was set up as a sting operation in 2012 by Homeland Security to catch scamsters who forged documents and paid bribes to get foreign students admitted. That would then qualify the foreign student to gain entry into the U.S. via a fraudulently obtained student visa.

Here is the story from the New York Times (click top link on redirect page).

Just in time for April Fool’s Day…

Amazon recently released a software gaming platform for developers called Lumberyard. Buried in its terms and conditions is this unexpected little ditty:

*MOUSE PRINT:

57.10 Acceptable Use; Safety-Critical Systems. Your use of the Lumberyard Materials must comply with the AWS Acceptable Use Policy. The Lumberyard Materials are not intended for use with life-critical or safety-critical systems, such as use in operation of medical equipment, automated transportation systems, autonomous vehicles, aircraft or air traffic control, nuclear facilities, manned spacecraft, or military use in connection with live combat. However, this restriction will not apply in the event of the occurrence (certified by the United States Centers for Disease Control or successor body) of a widespread viral infection transmitted via bites or contact with bodily fluids that causes human corpses to reanimate and seek to consume living human flesh, blood, brain or nerve tissue and is likely to result in the fall of organized civilization. [emphasis added]

So only if science fiction zombies come to life, then and only then, can this software be used to save lives.

The world can rest easy now. Thanks, Amazon.

Over the years, manufacturers have come up with a variety of obnoxious rebate requirements to trip up purchasers or to dissuade them from filing for their money back in the first place.

This new one from Laplink is a doozy, which was required to get the $30 PC Mover full price rebate that Consumer World promoted a few weeks ago as a “Bargain of the Week.”

Easy to miss is this fine print requirement to include personal identification.

*MOUSE PRINT:

¹To avoid fraudulent requests, you are required to submit evidence supporting your name and address. Acceptable evidence is a copy of government-issued identification (such as a driver’s license) or the front page of a utility or credit card bill. Account number or similar information may be blacked out. The name and address are required to match the name and address on the rebate request form.

What? They want a copy of your drivers license or credit card statement? Are they crazy (albeit they do allow you to blacken out account numbers, etc.)?

No company in memory has ever conditioned a rebate on what some might consider an invasion of privacy or a security risk. We asked Laplink why they are doing this considering that the rebate is in the form of a check that has to be either cashed or deposited at a bank in an account that matches the payee. The company did not respond.

Many people are reluctant to shop at eBay because unlike buying from a retail store, many items are sold by individuals and don’t come with any return privileges. When you are purchasing antiques, for example, it is often hard to tell just from the pictures what the actual condition of the item is, what the flaws are, and even what the true colors are.

So, it certainly can relieve some of that anxiety when you see that an individual seller has a decent return policy. Take for example this one, that offers a 14-day money back guarantee.

When clicking that “details” link, the truth is revealed.

*MOUSE PRINT:

I accept returns only on items in which I have made a mistake in the listing. It is the buyer’s responsibility to ask any and all pertinant questions about an item prior to bidding. I require immediate notification, (within 24 hours of receipt of the item), of intent to return by the buyer. I do not accept returns for buyer’s remorse or for items that the buyer assumed could be purchased on approval. If you want your friend’s “expert” opinion on a piece, you need to have them view the listing and read the item description prior to bidding. You do not get to do this after receiving the item because this constitutes “buying on approval”. The returned item must be received by me in the same condition it was in when inititally shipped to the buyer.

Basically, what this seller is really saying is that you have no regular return rights, including 14 days to try out the item. You only have a right of return for a misrepresentation and YOU have to pay the return shipping!

That certainly is far different from what the average consumer would understand “14 days money back” to mean. So as with everything we write about in Mouse Print*, you have to read the fine print or you could get snookered.