LinkedIn is topping the cybersecurity news headlines with another major data leak incident. Earlier in April, the professionals’ network suffered a data-scraping incident that affected nearly 500 million LinkedIn users.
Just a week ago, on June 22, security researchers detected that the data of nearly 700 million LinkedIn users had been put up for sale on a hacker site. The malicious actor who announced the sale has even published the records of 1 million users as “proof”.
Security researchers who analyzed the published sample discovered that the data package includes the full names of the LinkedIn users, their gender, email addresses, phone numbers, and information related to the industries they are involved in.
The origin of the data is unknown; however, it is highly possible that the information was scraped from public profiles. At least, data scraping was the method used to collect the 500 million LinkedIn records that were put up for sale in April, according to LinkedIn’s official statement on the incident.
The company’s press statement on these new data-leak revelations is that there have been no indications of breaches of its networks. According to LinkedIn’s investigation, the sample dataset contains data scraped from LinkedIn as well as data acquired from other sources. The company’s internal investigation has concluded that no private LinkedIn member data was compromised, and that this was not a LinkedIn data breach. The professionals’ network states that scraping LinkedIn data is a violation of its Terms of Service, and that it is continuously striving to guarantee the privacy of its users.
Presently, researchers are unable to verify whether the records are a compilation of data from prior breaches and public profiles, or if the information is scraped from private accounts. Compared to the incident from April, this time the data collection includes 200 million more records. Therefore, it is very likely that fresh data has been scraped and that this new data-leak is not just a repeat of the previous set of records.
According to the analysis of the published sample data, credit-card details and private message content are not part of the incident. Even so, security professionals are warning that the leaked information still poses a threat to the affected LinkedIn users.
With a rising number of malicious actors targeting job seekers on LinkedIn with fake job offers, there are cases in which such datasets are used to send carefully crafted phishing emails or to extort ransom through personalized scam messages.