Things are not looking good for LinkedIn right now. Just two months after a jaw-dropping 500 million profiles from the networking site were put up for sale on a popular hacker forum, a new posting with 700 million LinkedIn records has appeared.
The seller, “GOD User” TomLiner, stated they were in possession of the 700 million records on June 22, 2021, and included a sample of 1 million records on RaidForums to prove their claims. Our researchers have viewed the sample and can confirm that the damning records include information such as full names, gender, email addresses, phone numbers, and industry information.
We reached out to LinkedIn for verification and received this official statement from Leonna Spilman:
“While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach, and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service, and we are constantly working to ensure our members’ privacy is protected.”
Update: Since we alerted LinkedIn to the posting on the hacker forum, the company released a second statement on June 29th, 2021, saying, “We want to be clear that this is not a data breach and no private LinkedIn member data was exposed.”
Is the data the same as from the previous LinkedIn leak?
According to a statement from LinkedIn, the previous data leak contained an “aggregation of data from a number of websites and companies” as well as “publicly viewable member profile data.” However, it was not technically a breach since no private information was stolen.
This time around, it seems as though the records are, once again, a cumulation of data from previous leaks. However, this could still include information from both public and private profiles. We employ a strict policy of not supporting sellers of stolen data and, therefore, have not purchased the leaked list to verify all of the records.
What this leak means for LinkedIn users
The leaked information poses a threat to affected LinkedIn users. With details such as email addresses and phone numbers made available to buyers online, individuals could become the target of spam campaigns, or worse still, victims of identity theft.
Even though the records don’t appear to contain any information such as credit card details or private messages, expert hackers may still be able to track down sensitive data through just an email address. LinkedIn users could also be on the receiving end of email or telephone scams that trick them into sharing sensitive credentials or transferring large amounts of money.
Brute-force attacks are also something that LinkedIn users affected by the leak will need to be aware of. Using email addresses provided in the records, hackers may attempt to access users’ accounts by trying various combinations of common password characters.
Finally, targeted advertising towards specific users becomes much more probable, thanks to this list. With information about users’ jobs and gender, companies can more easily market their products to individuals.
What to do if you are part of the leak
Although password and email address combinations are not a part of this recent leak, it is a good idea to secure your LinkedIn account by updating your password, along with the passwords for your other online accounts. Enabling two-factor authentication will also help prevent brute-force attacks, which are a likely result of this recent data leak.
A password manager is a great asset to your online security toolkit. As well as using VPNs, antivirus software, and encrypted email services, you should use a password manager to help you create strong passwords that are stored in a safe place.
You can also check whether or not your email address or telephone number has been involved in any data leaks by visiting Have I Been Pwned.
LinkedIn statement: https://news.linkedin.com/2021/april/an-update-from-linkedin