Modern field guide to security and privacy

The hacker’s guide to selling the LinkedIn way

You may have heard that a hacker is trying to sell more than 100 million LinkedIn passwords and usernames for around $2,000. It's troubling news, but is that all they are really worth?


Maybe you yawned when you heard the news that the e-mail addresses and passwords of more than 100 million LinkedIn users were put up for sale on the Dark Web. After all, security breaches like these are becoming so common that they’re barely newsworthy.

But this time, at least some folks at LinkedIn really should hang their heads in shame. If LinkedIn is such a powerful, effective sales channel, why is the hacker known as Peace – who's reportedly selling the LinkedIn trove – trying to pull off this sale for only around $2,000?

The only possible explanation is that Peace hasn’t yet read any of LinkedIn’s many blog posts, articles, and ebooks on the awesome, revenue-generating power of LinkedIn’s "social selling."

So, we're offering Peace some advice based on LinkedIn’s Top 10 Actionable Sales Tips:

'Create an effective executive profile'

Listing your most epic hacks may cut it on the Dark Web, but as the corporate marketing gurus warn, "don’t let your LinkedIn profile read like a resume."

Skip LinkedIn’s advice to upload a professional photo (hello, law enforcement!) and just follow their guidance to tell "the story of you."

Your experience pwning websites is really going to pay off when you get to writing your profile, because the typical LinkedIn page (“Leading sales enablement officer and brand influencer, Smithville 7/11”) looks a lot like a classic website defacement (“This site dominated by the world’s greatest hacking crew”).

Taking a cue from typical LinkedIn profiles, you might try describing yourself as "Global leader in enterprise-scale data sales • F1000 username specialist."

'Efficiently connect with the people that matter'

The marketing hordes follow this advice by logging into LinkedIn after every conference or meet-up, and sending a connection request to every sucker who dared to hand over a business card. If you think that counts as efficient, see how many people you can connect with when you’ve got direct access to millions of user accounts!

Forget waiting and waiting for an answer to each connection request; just write a script to send requests to all the users you’ve hacked, and then write a second script that uses your database to log into each account and accept the requests.

'Follow your customers' activity in real time'

LinkedIn recommends that you "[k]eep tabs on your contacts’ interests and updates so you can remain top of mind."

Welcome to the nightmare of visiting LinkedIn three times a day, just so you can comment on the latest random link shared by somebody who somewhere, someday might consider taking a sales call.

Well, lucky you: You’re not limited to updates as a source of customer insight! Try running each username and password through Gmail, Amazon, and Facebook to get the real-time insights you need.

You don’t really know your customers until you’ve read the secret Facebook chat they’re having with their high school girlfriend. And to stay top-of-mind, consider snagging an e-mail or incriminating photo that you can post on the Internet: nothing will do more to make your customers receptive to your message than the realization that you have full access to their darkest secrets.

'Reach people directly and more credibly with InMail'

LinkedIn wants salespeople to use its built-in messaging system as a way of reaching out to sales prospects. LinkedIn users are all too familiar with getting messages from people desperate to set up calls to “discuss how we can work together to unleash your next growth opportunity," so nobody will be surprised to hear that you’ve got something special to sell them.

That’s why you need to use your special talents to stand out from the crowd – and thanks to the direct access you have to your prospects' online accounts, you're in an unusually good position to follow their advice to "[i]dentify something personal about the person that you can reference in the message.”

Here’s what your InMail message to prospects might say:

Dear [insert first name], 

Thanks so much for accepting my connection request. [Pause while First Name scratches his head and thinks that’s weird, I don’t remember accepting a connection request.] 

I wanted to reach out to you with an exciting business opportunity. Based on your relationships with [insert 3 names scraped from their contact list], I know how much you care about engaging with your customers and growing your market — and how much you care about [insert incriminating interest gleaned from First Name’s email or Facebook history].

That’s why I want to give you the chance to get exclusive access to an untapped wealth of potential customers — customers you can reach directly from inside their own inboxes! For just $2,200, we’ll provide you with the usernames and passwords of more than 100 million people who are just waiting to buy your product. Now, they won’t have to wait, because you can use those usernames and passwords to log onto Amazon, Walmart, eBay or wherever else you’d like them to start buying.

This unique opportunity won’t last long: to ensure a quality experience, we’ll only accept the first 100,000 orders we receive.

Sincerely, Peace

P.S. For a small additional fee, we can also teach you how to protect yourself from these opportunities in the future.

P.P.S. Follow me on Twitter! @LinkedInHackerz 

Of course, the sales tips that LinkedIn provides aren’t intended for hackers. They’re intended for the millions of sales people who use LinkedIn to build their prospect lists and close deals.

But perhaps this hack can serve as a reminder to everyone using LinkedIn, and anyone thinking about signing up for the network. Yes, you can and should secure your online accounts by using unique passwords and two-factor authentication. But here’s an even more radical way to protect your online security: Think twice before joining every single social network that comes calling.  

