Earlier this year, it was reported that the account data – which included email addresses and mobile numbers – was leaked online. While the world is still debating about it and Facebook’s ineffective role in the wake of it, another massive leak has raised its head. This time, the profile data of around 500 million LinkedIn users has been leaked on a hacker forum. CyberNews reports that the leaked data scraped from LinkedIn profiles contains details such as full names, phone numbers, email addresses, and employment information to name a few.
“While users on the hacker forum can view the leaked samples for about $2 worth of forum credits, the threat actor appears to be auctioning the much-larger 500 million user database for at least a 4-digit sum, presumably in bitcoin.”
The malicious actor behind it has openly listed two million records as a proof-of-concept sample, and is now accepting bids for selling the whole cache that contains information about half a billion LinkedIn users. CyberNews says it has verified the leaked data samples on the hacker forum, but it is unclear if it contains fresh profile details or if it was extracted during a previous breach that happened all the way back in 2016.
Talking about the user data that has now been put up for sale, it contains the LinkedIn profile IDs and the corresponding URL link, full names, email addresses, mobile numbers, employment information, and links to social media profiles of affected users. However, there is no evidence of sensitive information such as financial details and legal documents being part of the leaked data cache. However, the data that has been scraped is enough for launching social engineering attacks, phishing, and spamming.
If you’re worried about your LinkedIn data being leaked, you can check it out on CyberNews’ own database that has been updated with more than 780,000 email addresses that are a part of the massive leak. Other remedial steps that you can – and should – take include changing your LinkedIn account password, enabling two-factor authentication, and using a password manager service.
The Microsoft-owned professional communication platform claims that the leaked data also contains information pulled from other websites. The company further adds that its systems were not breached to extract information, and that no private member account data is a part of the leaked dataset. “We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies,” LinkedIn says.