A wave of ‘hacktivism’ struck a number of social media platforms recently and LinkedIn is the newest on the list.
Days after Facebook’s massive data breach, CyberNews reported a cyber attack on LinkedIn, where data from more than 500 million accounts has been posted for sale online.
The leaked data went beyond publicly viewable member profiles and also included personal information, such as email addresses, phone numbers, workplace details, full names, gender, account IDs, and links to users’ other social media accounts.
The data was posted on a “popular hacker forum” where the author posted another 2 million records as a proof-of-concept sample, the report said.
However, LinkedIn denied a data breach, and said information may have been stolen from other sites and companies.
LinkedIn said it “investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies.”
Reuters reported on Friday that the company refused to provide more details on the case, including the number of users affected.
Following the massive dissemination of sensitive data, including full names and telephone numbers, Italy’s privacy watchdog conducted an investigation into the case on Thursday.
“The Italian authority said that the country has one of the highest LinkedIn subscriber counts among European states and called on affected users to ‘pay particular attention to any anomalies’ related to their phone number and their account,” the report advised.
CyberNews published an update to the story on Friday to confirm it found that a new collection of databases has been added by another user on the same hacker forum.
The data is being sold for $7,000 worth of bitcoin, the report stated.
“The new author claims to be in possession of both the original 500-million database, as well as six additional archives that allegedly include 327 million scraped LinkedIn profiles.
“If true, this would put the overall number of scraped profiles at 827 million, exceeding LinkedIn’s actual user base of 740+ million by more than 10%. This means that some, if not most, of the new data sold by the threat actor might be either duplicate or outdated.”
Why is this alarming?
LinkedIn users now face potential targeted phishing attacks, spamming of the 500 million emails and phone numbers, and brute-forcing of the passwords of profiles and email addresses.
Other incidents that can occur include harassment and creating fake accounts with users’ personal information.
However, “the leaked files appear to only contain LinkedIn profile information – we did not find any deeply sensitive data like credit card details or legal documents in the sample posted by the threat actor,” CyberNews said in a statement.
“With that said, even an email address can be enough for a competent cybercriminal to cause real damage,” it added.
Professional hackers could then combine the breached data with other leaks in order to fabricate a flawless fake profile of their potential victim.
As a result, phishing attacks and identity theft are more likely to occur.
Do you suspect that your LinkedIn profile data might have been scraped?
For those who suspect that their profile data might have been leaked, there are some precautionary measures that can be taken:
- Change the password of both your LinkedIn and email accounts
- In case of any suspicious activity, report it to the company immediately
- Create a strong password and avoid storing it on your phone
- Enable two-factor authentication (2FA) on all your online accounts
- Do not click on any suspicious links
- Do not respond to suspicious emails or messages
- If you receive a call from a suspicious number, do not answer and do not call back