Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
Last Tuesday, a popular hacker calling himself “GOD User TomLiner” advertised data from over 700 million LinkedIn users for sale with samples that the data is real and up to date as per June 2021.
LinkedIn is one of the most popular professional networking platforms that allows its users to create business connections, discover potential clients, connect with people from different professions, search for jobs, and others.
According to researchers, the sample of the data published on RaidForums included details of over 1,000,000 LinkedIn users with email addresses, personal details, phone numbers, full names, and home addresses.
Following cross-checking and investigation, it has been confirmed that all of the leaked data is authentic but it does not contain any financial information such as legal documents or credit card details that can be used for fraudulent purposes.
According to the organization profile, LinkedIn has a total of 756 million members on its platform out of which, private information of 700 million users has been leaked online.
Reports show that 93% of all social platform users can now be found with all their information through these records.
How Did the Leak Happen?
It’s still uncertain what the origin of the data is but the scraping of public profiles might be the starting point. That was the generator behind the collection of 500 million LinkedIn records that were advertised for sale in April 2021.
As stated by LinkedIn, it contained an aggregation of information from several sites and organizations as well as publicly viewable member profile details. The platform stated that no breach of its networks has occurred this time, either.
While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.
A Privacy Shark’s blog post stated:
This time around, we cannot be sure whether or not the records are a cumulation of data from previous breaches and public profiles, or whether the information is from private accounts. We employ a strict policy of not supporting sellers of stolen data and, therefore, have not purchased the leaked list to verify all of the records.
There Might Be Consequences
Even if no credit card details, sensitive messages, and other private data were involved in the attack, the leaked information poses a threat to impacted LinkedIn members.
With information such as email addresses and phone numbers that can be purchased online, LinkedIn users could easily become the target of spam operations or victims of identity theft. They could also be tricked via email or telephone scams into sharing private credentials or transferring money.
Cybersecurity specialists warned that by using the leaked email addresses, threat actors may try to access users’ accounts utilizing various combinations of common password characters.
Users are advised to secure their LinkedIn accounts by updating passwords and enabling two-factor authentication.
As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.
