Update: we’ve updated the story to include the official LinkedIn statement
PrivacySharks reached out to Linkedin who had this to say:
“While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.”
Back in April, we reported that over 500 million LinkedIn users’ information was shared on a hacker forum. Today, LinkedIn was found to have been breached once again, back on June 22. This time, more than 700 million users’ information was exposed online by another hacker and put up for sale.
On June 22nd, a popular hacker advertised data from 700 million LinkedIn users for sale, reported by RestorePrivacy (originally reported by PrivacySharks). The hacker has posted a sample of the data of 1 million users, upon a closer investigation, RestorePrivacy found that the following information was exposed from users:
- Email Addresses
- Full names
- Phone numbers
- Physical addresses
- Geolocation records
- LinkedIn username and profile URL
- Personal and professional experience/background
- Genders
- Other social media accounts and usernames
The hacker claims that the stolen database contains personal information of 700 million LinkedIn users. LinkedIn has 756 million users, according to its most up-to-date webpage, which means that 93% of its users can be found in this breach. This is one of the biggest breaches, especially when we include the extra 500 million user information from April.
Sample data (Image Credit: RestorePrivacy)
RestorePrivacy has also examined a sample of the data and showed us what kind of information is in it. Some of the data is censored to try and prevent any further damage. The company reports that the stolen data is authentic and is indeed coming from real users, and it also appears to be up to date from 2020 to 2021, which makes things even worse. It’s unknown at this time whether user passwords and financial information were leaked as the sample doesn’t contain any, there is a possibility.
When reached out to the hacker to ask how the data was collected, he claimed that the data was obtained by an exploit to the LinkedIn API. LinkedIn has not yet commented on the stolen user information and we couldn’t find any formal announcement regarding the breach.
More coverage over at PrivacySharks