Data of over 700 million LinkedIn users, or about 92 percent of the company’s entire userbase, is now available on the Dark Web. The hacker has even posted a “sample set” of 1 million users for potential buyers to verify.
LinkedIn has about 756 million users, and data of 700 million of them is now available for sale on the Dark Web. Independently verified data records confirm the sample includes phone numbers, physical addresses, geolocation data, and inferred salaries of 92 percent of users.
New LinkedIn data leak exposed details of more than 90% of users
— Giovani di Gesù (@giovanidigesu) June 29, 2021
The majority of LinkedIn users are now part of massive data theft:
A hacker has advertised LinkedIn data for sale, which he claims covers about 700 million LinkedIn users. To back such seemingly ludicrous claims, the hacker has posted a sample of the data that includes 1 million LinkedIn users. Reports confirm the sample contains the following information:
- Email Addresses
- Full names
- Phone numbers
- Physical addresses
- Geolocation records
- LinkedIn username and profile URL
- Personal and professional experience/background
- Other social media accounts and usernames
“Second massive LinkedIn breach reportedly exposes data of 700M users, which is more than 92% of the total 756M users. The database is for sale on the dark web, w/ records including phone numbers, physical addresses, geolocation data, & inferred salaries.” https://t.co/nxhsMjr3K6
— InfoSecSherpa (Tracy Z. Maleeff) (@InfoSecSherpa) June 29, 2021
RestorePrivacy has independently verified the same, and claims the user data is authentic and “tied to real users”. It is even more concerning to note the data does appear to be up to date. According to the analysis, the sample contains the latest information, ranging from 2020 to 2021.
The data does not include passwords. This means hackers cannot compromise or manipulate account information, yet.
However, the data is still extremely valuable. It leaves LinkedIn users vulnerable to professional phishing scams, and some cleverly crafted scams could manage to illegally obtain login credentials for LinkedIn and other sites.
LinkedIn apparently did not mend its ways and hackers merely reused tricks that worked before:
LinkedIn, the social media platform for professionals, has suffered a very similar data leak in the recent past. Reports claim the hacker obtained the data by exploiting the company’s API to harvest information that people upload to the site.
This method is called “scraping”. Simply put, there’s no “data breach” in the usual sense, wherein hackers compromise security, gain unauthorized entry, and steal data. Scraping tools, when perfected, trawl the servers and databases, collecting and collating information.
The alleged LinkedIn data leak puts roughly 92% of its users at risk https://t.co/E4u3J5aULA
— Android Central (@androidcentral) June 29, 2021
LinkedIn has issued a formal statement, in which it specifically claims that it did not face a data breach. “While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources.”
“This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.”
Data scraped from 700m LinkedIn users appears for sale online https://t.co/g9GBtg8mkP
— Silicon Republic (@siliconrepublic) June 29, 2021
A previous data leak of this kind happened in a very similar manner in April this year. In that incident, hackers obtained user data of over 500 million users from “multiple sources”.
With such repeated data exposures, several LinkedIn “Premium” subscribers are reportedly considering canceling their subscriptions. A premium package costs $29.99 per month. Incidentally, Microsoft owns LinkedIn.