Overview
700 Million LinkedIn Users Data Being Sold Online: For a second time this year, after an online data sale for 500 million users two months ago, data for 700 million LinkedIn users have been again posted for sale on a popular hacker forum. The breached data includes LinkedIn IDs, names, email addresses, gender, industry and other personally identifiable information (PII) from the users’ public profiles.
Content of the Data on Sale
According to Privacy Sharks, a hacker this time posted 700 million data about LinkedIn users, 200 million more records than the previous LinkedIn users data sale contained. Given there are a total of 756 million LinkedIn users currently, the data on sale affects about 92% of all the LinkedIn users.
The seller with the user profile “God User” shared only 1 million records on a popular Dark Web forum as a proof of allegedly owning 700 million records of user data. At the moment, it cannot be confirmed whether this data breach contains the same data with the previously posted data on sale or not. However, it is known that the data on sale contains publicly available information on users such as such as LinkedIn IDs, names, emails addresses, gender, industry etc.
Regarding the data posted for sale, currently, LinkedIn has not reported any security breach on their systems. However, as the data contains only publicly available information on users, it is highly likely that it could have been collected via web scraping from publicly available information on a number of websites, including the LinkedIn pages. LinkedIn made the following explanation the data breach news.
“While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources,” according to the company’s press statement. “This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.”
Previous Data Sale on LinkedIn Users
About two months prior to this incident, another hacker posted an archive of 500 million users data that contained LinkedIn IDs, names, genders, titles, email addresses, phones and links to other social media profiles for 2 million records as a proof of the data breach. The hacker requested about $2 for viewing the samples of the leaked data and at least a four-digit-sum payment in return for disclosing the whole set of the breached data.
I’ve come to the conclusion that if you give a data point to a company, they will eventually sell it, leak it, lose it or get hacked and relieved of it. There really don’t seem to be any exceptions, and it gets depressing.
Brian Krebs
Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.
What Users Should Do About the Breach?
Whether be stolen or scraped, it is highly likely that 700 million users’ data could be in the hands of hackers for sale and evidently one million of those records have been released already. Although the leaked data does not contain sensitive information like credit card information, other interested malicious third parties may use such information for conducting social engineering attacks like phishing or spear phishing attacks or for spamming the released emails and phone numbers.
Thus, we suggest LinkedIn users to be beware of suspicious emails, LinkedIn messages and phone calls that could make use of the posted.
References
You could also read our popular articles What is a Security Vulnerability? or What is Vulnerability Scanning?
