LinkedIn in hot soup after being hit by a data leak scandal for over 500 million users which were found for sale on the hackers’ website.
The dataset extracted by hackers from LinkedIn’s database includes sensitive information like User IDs, email addresses, phone numbers, workplace information, full names, account IDs, links to their social media accounts, and gender details.
The data breach was confirmed by CyberNews researchers who revealed in addition, that the leaked data was posted to a forum popular with hackers by a user asking for a four-digit amount (in USD) in the exchange for the breached data, potentially in the form of Bitcoins.
This attack comes just days after a similarly massive data breach from over 500 million Facebook users was leaked.
LinkedIn has over 740 million users, the company mentions this on its website, which means that data of over two-third of its subscribers has been compromised and being sold online.
A LinkedIn spokesperson confirmed to Insider that there is a dataset of public information that was scraped from the platform.
“While we’re still investigating this issue, the posted dataset appears to include publicly viewable information that was scraped from LinkedIn combined with data aggregated from other websites or companies,” a LinkedIn spokesperson told Insider in a statement. “Scraping our members’ data from LinkedIn violates our terms of service and we are constantly working to protect our members and their data,” reported the Insider quoting LinkedIn Spokesperson.
An example of leaked data
Security analyst Paul Prudhomme told Insider that the dataset if exposed to bad actors, could lead to attack on many companies through their employees. He said that these attacks are more likely to succeed due to the rise of remote work and the use of personal devices for office work.
This is true to the fact that LinkedIn is a social network for social engagement, job search, and education, and as result, many users provide their biodata inclusive of CV data, working experience details which reveals more about companies and organizations where one has served. This creates an information detail which if well combined can create a deadly lead to many companies.
The lack of financial or identification records doesn’t mean the leaked data isn’t dangerous, though. “Particularly determined attackers can combine information found in the leaked files with other data breaches to create detailed profiles of their potential victims. With such information in hand, they can stage much more convincing phishing and social engineering attacks or even commit identity theft against the people whose information has been exposed on the hacker forum,” CyberNews said.
The Italian privacy watchdog company has commenced investigations into the Linkedin data breach that has exposed the personal information of million users. The authorities told Bloomberg that it has started an investigation following “the dissemination of user data, including IDs, full names, email addresses, telephone numbers.”
Cyber research experts have advised the user to consider changing LinkedIn account passwords and email account passwords associated with LinkedIn profiles, Creating a strong, random, unique password, and storing it in a password manager that can autofill logins, Installing strong anti-phishing and anti-malware software, and enabling two-factor authentication (2FA) on LinkedIn accounts and any other account that offers 2FA among others as the precautions to curb such attacks.
How can you check if your data has been leaked?
To see if your email address has been exposed in this data leak or other security breaches, use the Cyber Researchers’ personal data leak checker with a library of 15+ billion breached records.
A few days earlier, the personal data of 533 million Facebook users was leaked recently on a hacking forum. The large dataset includes users from 106 countries, including 32 million records from users in US and 6 million users in India.
Their email addresses, phone numbers, Facebook IDs, locations, birthdate, and bios have reportedly been exposed.
A Facebook spokesperson said that the dataset was breached due to a vulnerability patched two years ago.