Personal information containing user profile IDs, e-mail addresses, and other details of nearly 500 million LinkedIn users has appeared online for sale.
According to the information that is available, threat actors have scraped data from public LinkedIn profiles and have posted it online for a potential misuse by people with malicious intentions.
As per the reports, the leaked archive that has appeared in a popular hacker forum contains full names, LinkedIn IDs, details about profession, email addresses, phone numbers, and other data that is personally identifiable.
Researchers who are analyzing the incident, however, explain that since the scraped data does not include much information about payment cards or passwords, it is less worthwhile for attackers, and would not sell on the Dark Web for much anyway.
Still, this doesn’t change the fact that the published information contains useful personal details (such as info about the workplace, e-mail, social account links) which could easily be exploited in targeted phishing campaigns and online frauds.
LinkedIn has officially confirmed that the archive that appeared on the hacking site indeed contains details obtained from the social network. However, they explained that this is not a result of a system breach but rather a data scraping incident where attackers have scraped data from the LinkedIn site.
According to the investigation of LinkedIn researchers, the information that has been published for sale on the dark web has been collected from publically viewable profiles.
The company explained in a statement on their website that no private member account data has been included in the data leak, as per what they have been able to review. Therefore, they exclude the possibility of a data breach.
Data scraping is a popular technique for malicious actors to siphon public information that is available online and then make money out of it by selling it for profit or using it for targeted attacks, online frauds, and scams.
Scrapped data plays a great role in various phishing attacks, identity theft attacks, brute-force attacks, or spam campaigns where victims are being tricked to download malware, send money to online crooks or enter other personal details that can be exploited in other malicious activities.
People who find out that their data has been leaked in the latest incident with LinkedIn should be very careful when opening questionable e-mails with random links and attachments or receiving calls and messages from unknown senders.
With so much personal information being available online, security researchers are warning that many hackers may take advantage of it in a number of ways. Fake job opportunities and various phishing campaigns, like the LinkedIn job lures from the last week, are just some of the examples.