What Happened?

A couple of months in the past, LinkedIn suffered a major data breach. In this incident, the information of around 500 million users was leaked. Reportedly, there has now been another massive data breach at LinkedIn. This time around, the records of around 700 million users has been leaked. The latest LinkedIn data leak reportedly includes the inferred salaries of the users as well, which is a rather serious issue.

 RestorePrivacy, a publication that covers topics associated with privacy and data security, claims that a user on a famous hacking-oriented forum marketed data of 700 million LinkedIn users for sale. The person reportedly also published a sample of the leaked data, which includes records of 1 million LinkedIn users.

 

 

 

 

 

 

RestorePrivacy examined and cross-checked the data sample and found that the “data is authentic and tied to real users.” The publication also says that “data does appear to be up to date, with samples from 2020 to 2021.” Upon examination, RestorePrivacy has found that the data set has full names, LinkedIn username and profile URL, email addresses, phone numbers, physical addresses, geolocation records, genders, personal and professional experience/backgrounds, inferred salaries, and details regarding other social media account and usernames. Fortunately, the leaked data does not have login credentials and financial data.

 

 

Cause of the Data Breach

Well, RestorePrivacy reached out to the user who posted the leaked data for sale. He claims that the data was obtained by exploiting the “LinkedIn API to harvest information that people upload to the site.”

RestorePrivacy says “it does not appear that LinkedIn servers were hacked.

LinkedIn has confirmed that the data was scraped from their servers, as well as other sources, but are also claiming that “no private LinkedIn member data was exposed.”

 

Impact of the Data Breach

The data breach exposes highly sensitive data. Having such sensitive data in the public domain would make it incredibly easy to trick, defraud, and steal from the people exposed.

The bad actors can use the data for identity theft, phishing attempts, social engineering attacks, and hacked accounts.

 

 Recommendations

 

• Limit the amount of data that is available to others.

 

• Remain vigilant to all potential attacks while continuing to safeguard your personal information.

 

• Users, whose data was leaked due to this data breach, must take necessary actions as their data could be abused by attackers to take over user accounts and perform fraudulent transactions.

 

• Users should also be wary of targeted phishing emails that pretend to be from LinkedIn and utilize the information disclosed in this data breach