LinkedIn has not suffered data breach but the records being sold are collected through data scraping technique.
Two months back, Hackread.com exclusively reported a staggering data leak compiled as a result of data scraping involving LinkedIn where threat actors posted 500 million and over 800 million LinkedIn user profiles up for sale on a hacker forum.
The databases didn’t contain users’ passwords, but the data could have allowed cybercriminals to carry out various attacks, including identity scams, SIM swapping, and SMSishing.
Now, a seller identified as TomLiner on an infamous hacker forum, claims to possess 700 million LinkedIn user records. The new posting appeared on June 22nd with a sample of 1 million records.
Sample Data Declared Authentic
As seen by Hackread.com, the records include personally identifiable data such as:
- Full name
- Phone numbers
- Email addresses
- Geolocation records
- Professional experience
- Social media account details
- Industry-related information.
Hackread.com cross-checked the data and seems authentic and up-to-date, with most records dating from 2020 to 2021.
The data doesn’t contain passwords, but it still poses a great security risk for those impacted by the breach.
LinkedIn released a statement revealing that the earlier data breach contained scraped data collected from different websites and companies along with publicly viewable profile data of its members. But, this cannot be cited as a breach because private data wasn’t exposed.
However, this time around, it isn’t yet clear whether the data is from previous breaches and public profiles or it comprises private accounts information. LinkedIn’s Leonna Spilman stated that:
“While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach, and our investigation has determined that no private LinkedIn member data was exposed.
Scraping data from LinkedIn is a violation of our Terms of Service, and we are constantly working to ensure our members’ privacy is protected.”
Since details like phone numbers and email IDs are part of the data up for sale, LinkedIn users may become vulnerable to spam campaigns, brute force attacks, identity theft.
Additionally, despite that financial data isn’t part of the database, hackers can track down sensitive financial details through email addresses.
Moreover, unsuspecting LinkedIn users may become the victim of email or telephone scams and be tricked into giving sensitive credentials or transfer large sums of money.