Posted on July 1, 2021 at 8:21 PM
LinkedIn has frequently been in the news lately for the wrong reasons. Two months ago, the social media giant was facing a probe by the government following the scraping of the data of 500 million of its users and their appearance on the dark web.
Now, the platform is facing another data leak issue, as the data of an astonishing 700 million users has been exposed.
Last week, a user on a darknet forum, RaidForums, offered the stolen data for sale. PrivacySharks spotted the data and informed LinkedIn after verifying that the 1 million records the seller offered as samples matched LinkedIn records.
LinkedIn says its network was not compromised
It’s not clear how the data was taken from LinkedIn’s database. However, some have opined that it was retrieved during a breach while others feel that someone may have discovered a misconfigured database that exposed the 700 million records.
However, LinkedIn has refuted all these claims. The company released a statement shortly after the news of the data records became widely known. The company pointed out that the records did not come from a breach of its database.
“Our investigation has determined that no private LinkedIn member data was exposed,” the company stated.
LinkedIn says it’s still investigating the incident, but based on its earlier analysis, the records include details scraped from LinkedIn and other materials obtained from other sources.
LinkedIn still maintains that even the previous dataset, in which 500 million records were available, was also a result of scraping user data from the LinkedIn site. The company maintained that all of the data are publicly available online, and the appearance of such data is not a result of any data breach.
LinkedIn’s ToS forbids scraping
No matter how the data ended up on the darknet, it’s still a big problem for LinkedIn and the 700 million people whose details are included in the leak.
Anyone out there could copy the details of users online as long as they are published on a public platform. The only difference is that those details are protected by the site’s terms of service.
LinkedIn stated that its ToS completely forbids the scraping of data and the firm has indicated a readiness to take legal action, especially against hiQ, a data analytics startup.
LinkedIn has also fought hard to make sure that data scraping remains illegal. In 2019, the 9th US Circuit Court of Appeals ruled that data scraping was legal. However, LinkedIn challenged the ruling at The Supreme Court, making sure that the law was reverted and scraping remained illegal.
When PrivacySharks reported the issue to LinkedIn, the company’s corporate communications manager, Leona Spilman, offered more insight on the sources of the latest collection of breached user records.
He noted that the scraping of user data is still a serious offense according to its Terms of Service.
Users are targets for spam campaigns
Users whose details are among the 700 million records could be targets of further spam campaigns, as seen in other data leaks.
Some of them could also become victims of identity theft. As a result, security researchers have advised users to change their passwords as soon as possible and use a password manager to create new passwords that are not easy to decipher.
Although LinkedIn may not be the victim of the data breach, it goes to show that threat actors are still able to glean and leverage publicly available information that may have vital implications for consumers.
Vice president of research and intelligence at security firm iboss.Inc, Jim Gogolinski, stated that the recent data scraping is a sharp reminder of how motivated hackers and threat actors can be. It also shows that cybercriminals have a wealth of information available at their disposal.
Although social media companies have improved their efforts to prevent data scraping, the fact is that threat actors are unrelenting in their activities.
Users’ home addresses, social security numbers, e-mail addresses, and phone numbers are exposed online on social media, and it’s a matter of time before they are scraped and presented as one database. As a result, social media users are advised to share as little information as possible and never to use one login detail for more than one account.