The professional networking platform LinkedIn is in the news again over another reported data breach. The rumored leak seems more critical than the one in April that exposed information of around 500 million users.
PrivacySharks made the first claim and contacted LinkedIn regarding the potential data leak. The hacker advertised the sale of a database of 700 million LinkedIn users on RaidForums, a popular site mostly used by hackers. This could be the largest breach of LinkedIn, as it accounts for more than 90% of the total users of the networking giant.
The hacker with the alias “GOD User” posted the sale offer on June 22. The hacker even offered 1 million sample records for verification. Members at PrivacySharks reviewed the sample and concluded that the data were indeed tied to authentic users. The data includes email addresses, full names, phone numbers, gender, industrial background, linked social accounts, physical addresses, and geolocation records.
The nature of the breach looks like the one in April. Rather than a technical breach, it is more like an aggregation of information scraped from public LinkedIn profiles and other web resources. LinkedIn also published a statement denying the breach. The company gave assurances that private LinkedIn member data has not been compromised. According to its investigation, this is the same data as in April's rumored leak.
Even though the advertised sale holds no confidential information like passwords, LinkedIn has promised to hold people accountable. This is probably due to the LinkedIn Terms of Service, which prohibit data misuse and scraping. Data scraping became legal with the ruling of the 9th US Circuit Court of Appeals in 2019. Despite the legalization, LinkedIn took the case to the Supreme Court, which dropped the ruling recently.
Data is an asset in this digital world. Marketing campaigners can easily take advantage of such huge volumes of data. This type of information is ideal for marketing agencies to launch targeted advertisements.
Likewise, hackers can use contact details like phone numbers and emails for scams and phishing campaigns. Nowadays, we link everything from social media accounts to banking accounts with our email addresses, and the email address is the username for most of those accounts. The scary thing is that accounts that use an email address as the username are subject to brute-force attacks.
However, there are no signs that login credentials were exposed. For the time being, user accounts remain intact. Even so, it is important to change old passwords and create new, strong passwords with character variations.
A networking platform cannot defend against attackers alone, without the user's participation. From a cybersecurity perspective, users should adopt different security strategies such as using two-factor authentication, not sharing credentials with others, avoiding phishing and suspicious emails, and using secured networks.
LinkedIn has also advised users to report hacked and compromised accounts. Users can check the activity logs of their account, which include sign-in locations and details of the devices used to sign in. If you ever come across a log entry that you do not recognize, you should immediately report the account to LinkedIn.