After the data leak at Facebook became known last week, the career network LinkedIn has now also been affected by an incident. The data of several million users of the network was offered for sale in a hacker forum.
Data of 500 million users
The online magazine Cybernews now also reported on a data protection incident at LinkedIn. Here, data of 500 million users is said to be traded online. Since the business network has around 740 million users, this is more than half of LinkedIn’s users. The Facebook data leak affected a similar number of users. The data was offered in a hacker forum. In the process, the criminals have also already proven the authenticity of the data by disclosing the user data of approximately two million members of the network. Among the user data were the full names, email addresses, LinkedIn IDs, stored phone numbers and all workplace information. Links to LinkedIn users’ profiles and other social media platforms were also disclosed. Sensitive data was probably not tapped here, neither passwords, nor the payment data of the users were disclosed.
Data source unknown
Where the data came from and how the criminals got hold of the data is not yet clear. It is also possible that the data is older and was collected during previous data breaches. In addition, it is also possible that the data of LinkedIn users was compiled from various sources of data leaks. With the tapped information, the criminals could launch targeted phishing attacks on the affected individuals or use it for spamming as well.
No attack by hackers
According to the business network LinkedIn, the incident is not an attack by hackers. The incident is still under investigation and the investigation is not yet complete, the network said. What is clear so far is that the published records contain publicly viewable information that was likely tapped by LinkedIn and merged with additional data from other sites. Such are the network’s investigation findings to date. Merging and collecting data to such an extent with the help of review scripts is called scraping, which violates the business network’s terms of service.
A few years ago, there was already an incident with the data of LinkedIn users. Here, data of about 100 million users was tapped. Among this data were hashed passwords and the email addresses of the users.
It is now important to watch out for suspicious messages from LinkedIn and also to be wary of suspicious emails.