LINKEDIN PERSONAL DATA HACK 

Only a week ago, the personal data of 533 million Facebook users was uploaded to a hacking forum for free. Now it’s LinkedIn’s turn. On 6 April, Cyber News reported that scraped personal data of over 500 million LinkedIn users was being sold online. A spokesperson from LinkedIn confirmed that the database was not obtained through a breach but

“…is actually an aggregation of data from a number of websites and companies.”

WHAT WAS STOLEN? 

As a proof-of-concept, the hacker uploaded 2 million records from the 500 million database. The stolen records included:

  • LinkedIn IDs
  • Full names
  • Email addresses
  • Phone numbers
  • Genders
  • Links to LinkedIn profiles
  • Links to other social media profiles
  • Professional titles and other work-related data

WHAT CAN HAPPEN?

The files from the LinkedIn personal data hack did not contain highly sensitive data such as credit card details, legal documents, or personal messages between users. Notwithstanding, a savvy cybercriminal can do a lot of damage with a full name, email address and mobile phone number. Competent hackers can even combine the LinkedIn data with information from other data breaches and use this to conduct convincing phishing and social engineering attacks, or even commit identity fraud.

DATA FOR SALE

It seems as if the first offering of data was sold to another cybercrook. On 10 April 2021, another hacker put the 500 million LinkedIn records, plus an additional 327 million scraped LinkedIn profiles up for sale on the same hacking forum. The asking price? $7,000 in bitcoin. This means that the number of profiles for sale is 827 million, exceeding LinkedIn’s user database of 740 million by more than 10 million. If all this is true, a lot of the new data on offer is likely either duplicate or outmoded.

WHAT WILL LINKEDIN DO?

While Facebook confirmed that it will not be notifying the 533 million users of the breach in March, LinkedIn has taken a different stance. It said that breach of data

“such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable.”

 WHAT CAN I DO?

If you suspect that your LinkedIn profile has been compromised, take these necessary steps immediately:

  • Use this personal data leak checker to see if your email or phone number has been hacked
  • Change the passwords of your LinkedIn and email accounts
  • Use a password manager such as LastPass to create and store robust passwords
  • Enable 2-factor authentication on all your online accounts
  • Be cognizant of suspicious LinkedIn messages and connection requests

Watch out for phishing emails and text messages. Don’t click on anything suspicious. Don’t respond to people you don’t know. Don’t become a victim of cybercrime!