User data can include a lot of things, many of which is personal and private data.
This kind of data can be expensive because it can be used for scam and other sorts of criminal activities. And this is the reason why hackers are always on the move to exploit weaknesses on online services and apps, in order to find ways to extract data from them.
And this time, LinkedIn is again a victim.
The business and employment-oriented online service has experienced a massive data breach that reportedly exposed the data of around 700 million of its users.
What this means, around 92% of all users are having their data stolen by hackers.
The breached data includes full names, gender, email addresses and physical addresses, industry information, geolocation records, phone numbers, as well as inferred salaries of the users. Other data includes LinkedIn username and profile URL, personal and professional background, and also their other social media accounts and usernames.
The hackers are selling the stolen data on a hacking forum.
The uploader that goes with the name ''TomLiner' tries to sell the information, by also posting a sample of the data breach. Around 1 million LinkedIn users are contained within the sample.
Publications that have seen the data confirmed that the data advertised by the hacker “is both genuine and up-to-date,” with data dating from 2020 to 2021. The report further mentions that the breached data contains a plethora of information. Some of this includes users’ full names, email addresses, phone numbers, physical addresses as well as geolocation records.
The hackers said that they got hold of the data by exploiting the LinkedIn API.
The vulnerability at the API allowed the hackers to harvest the information that people upload to the platform.
While the amount of data the hackers are selling is alarming, fortunately, no private message data has been leaked.
No credit/debit card information or passwords have been leaked either.
This is the second such breach of its kind, compromising LinkedIn.
Earlier this 2021, Linked experienced its first data breach. At that time, data of around 500 million was stolen through the very same vulnerability. At the time, LinkedIn acknowledged the data breach, stating that the breach involved publicly viewable profile data that scraped from Linkedin.
It should be noted though, that it's not yet realized whether or not the 700 million records are a cumulation of data from previous breaches and public profiles, or whether the information is from private accounts.
Researchers warned that the data from this breach can be the source for hackers to develop sophisticated cyberattacks.
By leveraging personal information such LinkedIn users' real names, gender or place of work, cybercriminals can use this to craft social engineering to launch automated targeted and/or phishing attacks.
Or worse, identity theft is also possible.
“While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources,” according to the company’s press statement.
“This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.”