LinkedIn denies data breach: 700 million profiles for sale online

Names and contact information of 92% of users for sale on the Dark Web

Breach is denied, but 700 million users affectedUsers' personal information for sale in hacker forums online.

Once again, LinkedIn seems to be in a massive mess. Just months ago company faced the government's probe, which was a result of 500 million clients' personal data being distributed online. Now, the situation escalated even more as a whopping 700 million users have been impacted, and their sensitive information leaked to the Dark Web forums[1].

A user on RaidForums, which could be found on dangerous Dark Web, shared information that 700 million LinkedIn user's data are up for sale. The seller, who is calling himself “GOD User” TomLiner, stated they were in possession of the hundred million records on June 22, 2021, and included a sample of 1 million records on RaidForums to prove that this is not a scam[2].

Privacy Sharks researchers have analyzed the samples and confirmed that the records that are put up for sale are indeed legitimate and consist of full names, gender, email addresses, phone numbers, and industry information. Such information can be obtained by malicious attackers and used in additional targeted campaigns.[3]

LinkedIn states that sensitive information was “scraped”

LinkedIn issued an official statement in which it was communicated that this data breach is not companies fault, and an internal investigation pointed out that no private LinkedIn user data was leaked or shared[4].

“Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach, and no private LinkedIn member data was exposed,” LinkedIn said in a statement.

As the company is still undergoing investigation, it is stated that the data put up for sale online was “scraped” from the professional networking website cum job portal and several other internet sites. LinkedIn expressed that companies' values do not align with data scraping, and they are more than ready to show it in court.

It is speculated that similar events took place during April 2021 breach. However, after the leaked data scandal back in April, LinkedIn shared that all of the data was publicly available either way[5]. Whether that is the case, back in spring, hackers obtained not only names, phones but social media profiles as well, putting users at even bigger risk.

Nothing to be shocked about – the company has faced hacking attacks before

Current events and April 2021 security breaches are hardly the only obstacles the company has faced concerning security and people's data concerns. In 2012, LinkedIn suffered a data breach of 164 million email addresses and passwords. Owners of the hacked accounts were unable to access their accounts, and even years later, in 2016, LinkedIn discovered an additional 100 million email addresses and passwords that had been compromised from the very same 2012 breach.

As more and more datasets seem to become a target to hacking attacks, regular password updates, two-factor authentication enabled, and all of the precautions shouldn't be debatable. Any regular user of services like LinkedIn's can hardly do anything about personal information being leaked. Still, everyone can update their own security in an effort to diminish negative consequences in the future.

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.

Contact Ugnius Kiguolis
About the company Esolutions

References
Files
Software
Compare