Mere days after news broke of a data leak that impacted more than half a billion Facebook users, another massive batch of people’s personal information is being offered for sale on a hacking forum. This time around, the treasure trove of data originates from LinkedIn, although the social networking site says that the records don’t come from a data leak or a breach of its systems.
According to Cybernews, which broke the story, an unidentified individual claims to have scraped information from 500 million LinkedIn accounts, which is no less than two-thirds of the site’s entire user base. The leaked information, which is up for grabs in an auction with a minimum four-digit asking price, allegedly includes a wide range of data.
To boost the veracity of their claims, the hacker posted a sample of some two million records that includes users’ LinkedIn IDs, full names, email addresses, phone numbers, gender, workplace information, and links to their social media profiles among others. Interested parties can view the leaked samples for as little as US$2.
The Microsoft-owned social network, however, disputes that all of the information came solely from its platform. “This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review,” reads the statement by LinkedIn.
“We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies,” said LinkedIn. However, the site did go on to confirm that the database includes information from publicly viewable member profiles, which may have been scraped from its website.
It remains unclear whether the data that is being offered for sale is up-to-date or was collected from a previous data breach suffered by the professional social network and other companies.
And, as ESET Chief Security Evangelist Tony Anscombe astutely noted, most information obtained from data breaches doesn’t really diminish in value over time, which means sufficiently motivated threat actors could abuse it for all manner of attacks. These include targeted phishing campaigns and social engineering attacks; the leaked data could even be used to perpetrate identity fraud.
To mitigate the chances of falling victim to enterprising cybercriminals, LinkedIn users would do well to double down on their security. Most of all, be wary of unsolicited messages from strangers that contain suspicious links or attachments. If you suspect that your data might be part of the leak, consider changing your password or, better yet, use a password manager that will generate a hard-to-crack password for you. Enabling multi-factor authentication, ideally using a hardware token or a mobile app, is also strongly recommended.