It was discovered by CyberNews's analysts that data from over 500 million LinkedIn users is being sold on an online forum to hackers.
The trove of data includes user IDs, full names, gender details, email addresses, phone numbers, professional titles, links to LinkedIn profiles and other social media profiles, and other professional titles and work-related data.
CyberNews that got hold of the data, said that they were able to verify that the data was associated with LinkedIn user accounts. despite not knowing how old exactly the data is, or how the bad actors managed to obtain it.
It should be noted though, that the data isn't actually a hacked data.
LinkedIn itself said in a statement that it wasn't hacked, suggesting that the data is scraped from its public-facing service.
The social media for professionals and business said that the data contains some “publicly viewable member profile data,” and is “actually an aggregation of data from a number of websites and companies.”
“While we're still investigating this issue, the posted dataset appears to include publicly viewable information that was scraped from LinkedIn combined with data aggregated from other websites or companies. Scraping our members' data from LinkedIn violates our terms of service and we are constantly working to protect our members and their data,” said a LinkedIn spokesperson.
"This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we've been able to review," the company said.
“Any misuse of our members’ data, such as scraping, violates LinkedIn terms of service,” LinkedIn said in a statement.
“When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable.”
The data is reportedly being sold by an unknown individual on a hacker forum, who has dumped data of over two million users as sample proof. The person asks for a four-digit amount in U.S. dollars in exchange for the data.
At this time, LinkedIn has more than 700 million users, meaning that the leaked data represents over two-third of its subscribers.
Fortunately, the scraped LinkedIn data does not contain any sensitive information, like credit card information. However, considering the amount of data that can be profiled to certain individuals, bad actors could use it to perform some sophisticated hacking attacks.
For example, hackers could use data like people's full names, and pair that with their email addresses and phone numbers, to conduct a spear phishing attacks.
In professionals' hands, the data can also be used for impersonation attacks, brute-force accounts, or sending spam emails.
This incident marks the second major data after Facebook, which saw the data of its over half a billion users scraped and put online.
That data included full names, email addresses, phone numbers, and location information.
In June 2021, LinkedIn again has its data scraped.
Read: 533 Million Facebook Users' Personal Data Leaked To The Internet