Posted on April 9, 2021 at 7:16 PM
A recent report revealed that over 500 million LinkedIn accounts have been exposed. More alarming, the compromised accounts have been put up for sale on a hacking forum. The hackers have released about 2 million records to show the proof of the breached data.
Data contains names and addresses of users
Data breaches from technology companies are not rare, as several companies have suffered from data breaches in recent times.
Earlier this week, it was the turn of tech giant Facebook, when hackers exposed details of 533 million users of the platform. This time, LinkedIn users are now the latest victims. The Facebook data exposed was from a breach that occurred in 2019, containing names, email addresses, and other details of the user.
The hackers share certain details as proof of the hack, which includes the users’ full names, phone numbers, email addresses, employment details, and other information. The data also include the users’ professional titles and links to other social media profiles.
The sale of the stolen data was initially reported by CyberNews, a cybersecurity news and research site.
In the post shared by the seller of the stolen data, he claimed that the total numbers of stolen user profiles in his possession are 500 million. He asked interested buyers to send him a PM for a price that will not be lower than 4 digits.
From the released samples, independent investigators have looked into the data and confirmed that the sampled data are LinkedIn profiles of users.
LinkedIn refutes breach
It was initially not known whether the hacker gathered the data from previous LinkedIn breaches or whether the data is from a recent hacking incident.
But LinkedIn has cleared the air about that, stating that the data is indeed from LinkedIn but not from any recent breach of the social networking platform.
LinkedIn added that the data is a compilation of information from different companies and websites. The company reiterated that the content it reviewed does not contain data from any private member account from the platform.
“This is not a LinkedIn data breach, and no private member account data from LinkedIn was included,” LinkedIn stated.
Data could be used for future phishing attacks
Security experts stated that the buyers of these stolen data may likely use them for phishing attacks. Those users who have been compromised may see an increased level of spam messages from these threat actors, the experts warn.
Additionally, the compromised data can be used for brute force attacks that can compromise the email addresses and passwords for LinkedIn profiles.
Users have been advised to update their usernames and passwords as soon as possible to avoid being victims of future attacks. They are also advised to enable two-factor authentication on any platform they are using to add more protection to their account.
Although the information contained in the stolen files is not as sensitive as social security numbers or credit card details, threat actors can still exploit information like phone numbers, including for robocall scams.
These types of scams are gradually rising, and most of them get their details from hacked sites.
LinkedIn has over 750 million members, based on stats available on its platform. This means that data of more than 70% of the users may have been included in the stolen data.
Scrapers may be responsible
Most of the information available in the stolen data is also found on the profile pages of the users. As a result, security experts opine that the data could have come from scrapers. Social media firms always have rules in place to prevent scrapers on users’ profiles. On its terms page, LinkedIn provides “technical measures and defenses” against scraping. But in many cases, these threats are often overlooked by bad actors.
The company has not stated whether it plans to inform users about the incident or keep mute since it claims the data were not a result of any recent breach.