LinkedIn has been left reeling from its second data leak of 2021. In April cybersecurity experts revealed data scraped from 500million LinkedIn accounts had been put up for sale by hackers. And now just a few months later LinkedIn has once again been affected by another data leak – this time affecting 700million accounts.
The data leak reportedly affects the vast majority of LinkedIn users (over 92 percent) with sensitive information such as e-mail addresses, phone numbers and addresses impacted.
While accompanying passwords aren’t included, the sensitive information could be used for identity theft and to carry out phishing scams.
The LinkedIn data leak was revealed by RestorePrivacy, who said hackers appear to have misused the official LinkedIn API to download the sensitive user data.
This is the same method bad actors allegedly used to obtain the LinkedIn data back in April.
READ MORE: Notorious Android malware makes its way back onto Google Play Store
Speaking about their findings, RestorePrivacy said: “Many people trust LinkedIn with all sorts of private data, hoping and trusting that the information remains in safe hands. But is this trust warranted? So far in 2021, we have already seen two separate incidents where bad actors have exploited the professional networking platform to harvest vast amounts of user data.
“The implications of this are far-ranging, from identity theft to phishing attacks, social engineering attacks, and more.”
Analysis of the data hackers have obtained appears to show it is authentic and tied to real users, with the information up to date as well.
It looks like the LinkedIn user data was from 2020 to 2021.
Hackers are now trying to sell the huge cache of LinkedIn user info on a popular forum.
The complete set of data on 700million LinkedIn users is being offered up for sale for $5,000.
Here is the different types of LinkedIn user data hackers reportedly have got hold of: Email addresses, full names, phone numbers, physical addresses, geolocation records, LinkedIn username and profile URL, personal and professional experience/background, genders, other social media accounts and usernames.
In a statement, LinkedIn have refuted claims the site has been hit by a data breach – saying data was scraped and taken from other sites.
LinkedIn also said “some data” from the data dump hackers were trying to sell in April 2021 has been included in the latest batch being offered on the Dark Web.
LinkedIn said: “Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach and no private LinkedIn member data was exposed. Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update.
“Members trust LinkedIn with their data, and any misuse of our members’ data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable.”
Credit: Source link