![]() We want to be clear that this is not a data breach and no private LinkedIn member data was exposed.Late in the evening of November 3, we experienced a data security incident. Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. They have confirmed that the data was scraped from their servers, as well as other sources, but are also claiming that “no private LinkedIn member data was exposed.” And note that the definition of “private data” is surely subjective. We have also reached out to LinkedIn for comment on this latest data leak. LinkedIn has even issued a statement here, where they note that their “initial investigation has found that this data was scraped from LinkedIn and other various websites.”Įverything remains up for sale at this time. ![]() Instead, some of the data likely came from other sources. However, LinkedIn has emailed us an explanation, stating that not all of the data could have been acquired through the LinkedIn API. ![]() You can see that he is asking $5,000 for the complete data set, and stating that the data was acquired through the LinkedIn API. He claims the data was obtained by exploiting the LinkedIn API to harvest information that people upload to the site.īelow is one interaction we had with the threat actor on Telegram. We reached out directly to the user who is posting the data up for sale on the hacking forum. While we did not find login credentials or financial data in the samples we examined, there is still a treasure trove of information for bad actors to exploit for financial gain, as we’ll explain more below. Additionally, the data does appear to be up to date, with samples from 2020 to 2021. Since LinkedIn has 756 million users, according to its website, this would mean that 92% of all LinkedIn users can be found in these records.īelow is a small section of the sample we examined to show you how much information one record can contain: In this sample you can see full names, LinkedIn usernames, Facebook usernames, email accounts, mobile phone numbers, professional data, inferred salary, and more.īased on our analysis and cross-checking data from the sample with other publicly available information, it appears all data is authentic and tied to real users. The user claims that the complete database contains the personal information of 700 Million LinkedIn users. This is one of the largest LinkedIn data dumps we have seen. Other social media accounts and usernames.Personal and professional experience/background.We examined the sample and found it to contain the following information: The user of the forum posted a sample of the data that includes 1 million LinkedIn users. On June 22nd, a user of a popular hacker forum advertised data from 700 Million LinkedIn users for sale. Before we dive into the consequences of this leak, let’s first examine what happened. The implications of this are far-ranging, from identity theft to phishing attacks, social engineering attacks, and more. But is this trust warranted? So far in 2021, we have already seen two separate incidents where bad actors have exploited the professional networking platform to harvest vast amounts of user data. Many people trust LinkedIn with all sorts of private data, hoping and trusting that the information remains in safe hands. They point out, however, that some data was also obtained from other sources. And contrary to some reports, LinkedIn is NOT denying that data was harvested from their servers. UPDATE: LinkedIn has confirmed via email to RestorePrivacy that the data was obtained from their servers, as well as from other sources. After analyzing the data and making contact with the seller, we have updated this article with more information, including how the data was obtained and the possible impact on LinkedIn users. Data from 700 million LinkedIn users has been put up for sale online, making this one of the largest LinkedIn data leaks to date.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |