Data on around 700 million LinkedIn users has appeared for sale on a hacker forum, potentially affecting the majority of the site’s 756 million strong userbase.
The data leak was discovered by online safety review site PrivacySharks. It said that a user of RaidForums, a highly-ranked ‘GOD User’ using the name TomLiner, made a post on June 22nd claiming to be in possession of the data. As proof, they provided a sample of one million records.
According to the groups’ researchers, who reviewed the sample, the records include full names, gender, email addresses, phone numbers, and industry information.
However, the sample did not appear to contain financial information, such as banking or card details, or private messages.
Responding to the incident, LinkedIn Corporate Communications Manager, Leonna Spilman, said: “While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources.
“This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.”
A similar leak occurred earlier this year. In April, data on 500 million profiles was discovered for sale, including names, email addresses, phone numbers and workplace information.
At the time, LinkedIn denied that the data came from a breach of its systems, saying instead it was a data scrape from various websites and companies.
- Cyber Basics | The essentials for improved cybersecurity
- UK and Singapore begin negotiating digital trade agreement
- Frog Systems giving UK job hunters a helping hand through new platform
However, whether the LinkedIn data leak contains private information or not, PrivacySharks warned that the breach still poses a threat to users. Threat actors can use the information to better target and tailor their attacks, which could form anything from spam campaigns to identity theft.
The professional information available can also be used to create spear phishing attacks, aimed at making victims share important financial or credential information, or download malware into work systems.
As artificial intelligence becomes more sophisticated, threat actors have gained numerous tools to help them gain their victim’s confidence, choosing targets, or using small amount of information to attack vulnerable systems.
“Although password and email address combinations are not a part of this recent leak, it is a good idea to secure your LinkedIn account by updating your password and passwords for your other online accounts,” PrivacySharks said in a statement.
“Enabling two-factor authentication will also help prevent brute force attacks, which are a likely result of this recent data leak.”