The data of 700 million LinkedIn users has been compromised, according to a new report by Privacy Sharks. The researchers came across the data records on a popular underground forum where they were offered for sale.
700 Million LinkedIn Records Up for Sale on a Hacker Forum
700 million LinkedIn records were offered for sale on RaidForums by a hacker known under the alias GOD User TomLiner. According to the advertisement, posted on June 22, 700 million LinkedIn records were included in the cache. A sample of 1 million records was also available for proof.
The Privacy Sharks team contacted LinkedIn and received an official statement from Leonna Spilman, Corporate Communications Manager, which denied any possibility that the enormous amount of data was compromised in a data breach. This is what the statement said:
While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.
It is noteworthy that this is not the first significant LinkedIn data leak that took place recently. However, the previous data leak was a result of an aggregation of data from various websites and companies and publicly viewable user profile data. The previous incident also was not categorized as a data breach, as there was no private information stolen.
“This time around, it seems as though the records are, once again, a cumulation of data from previous leaks,” the researchers noted. However, leaked data could still include details from both public and private profiles.
What are the consequences of the data leak for LinkedIn users?
Needless to say, the incident creates a potential threat to affected LinkedIn members. “With details such as email addresses and phone numbers made available to buyers online, individuals could become the target of spam campaigns, or worse still, victims of identity theft,” the report highlighted.
Based on the type of personal details that were leaked, the potential impact includes brute force attacks, various scams, and targeted advertising.
Previous LinkedIn Data Leaks and Incidents
In April, we reported on a spear phishing campaign specifically targeting LinkedIn users. According to eSentire security researchers, the phishing messages attempted to lure professionals on LinkedIn into opening a malicious .ZIP attachment. The file was named using the victim’s current job title, in an attempt to make it look legitimate.
In 2016, Motherboard reported that LinkedIn’s website was exposed to a data breach in 2012, with its consequences coming to light in 2016. The data breach affected 117 million accounts. A hacker, known as Peace, contacted the famous online magazine, telling them that the million-user data was stolen during the LinkedIn breach a few years ago.
A few months following the disclosure, a post-breach malicious campaign took place. The German federal CERT released an alert about tailored phishing emails aimed at European users of LinkedIn, associated with the data from the 117-million LinkedIn data set. The campaign’s payload was banking malware, with specific people receiving tailored malicious emails in different languages.