Private LinkedIn Profiles Revealed

For security purposes, and for the point of the leveraging, the popular business networking web site LinkedIn provides an aspect of anonymity to job seekers/users by marking their profile as “Private” if it is found via the web site’s own key word search.

For example, I was seeking a Linux user and developer with experience with IBM systems, so I searched for Linux IBM on the key word search. A bit down the page, I found a headline “Linux Solutions,” in the Greater Atlanta Area. That is a good find, and the user gets bonus points for being local.

Unfortunately, this user has chosen to remain “Private,” or so he thinks. Here is a neat little bit of “social engineering” knowledge that you might be aware of if you have ever filled out an online resume. Resume writers tend to use the same (or very similar) phrases, or in some cases, the exact same text, and the same (or very similar) order when describing their employment history and/or abilities.

So, we look at the user’s work history. IBM Solutions at IBM. Owner of K and K Management Group. Not too shabby. Allow Google to come into play by searching for some of the user’s key phrases, one by one (try with quotes around the queries to find exact matches).

No common results, probably due to the large corporations that this user has worked for. However, the last search “Systems Administrator at TowerJ Corporation” has a few results. In fact, the first few results are resumes. And, the resume of the first result seems to belong to a resident of Atlanta, Georgia. Isn’t that where our history user is from? Of course it is, or I would not point it out.

No go. The web site is down. However, back up on the domain. Yencer.net is a valid and working web site. Oh, and there seems to be a resume involved.

A quick read of the resume gives us a suspect, Kyle Yencer. His resume matches up pretty well with the LinkedIn profile. But how can we check to make sure? Go back to LinkedIn and do a “people search” for the suspect. Goodness, doesn’t that look familiar? The two LinkedIn profiles, the Private profile and that of Kyle Yencer, are identical until a name is used. I believe we have found our LinkedIn user, who probably thought that his LinkedIn profile was private.

I hope this little article does not upset LinkedIn or Mr. Yencer. It does point out a design flaw with the web site, but is not a threat to personal security, because for it to work, the information must already be available on the Internet.

Make a Reply:

You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>