LinkedIn is the latest victim of a massive data breach and data of over 500 million of its users has been scraped from the platform and posted online for sale. The dataset includes sensitive information like email addresses, phone numbers, workplace information, full names, account IDs, links to their social media accounts, and gender details. The breached data is reportedly being sold by an unknown user on a hacker forum, who has dumped data of over two million users as sample proof. The hacker is asking for a four-digit amount (in USD) in exchange for the breached data, potentially in the form of Bitcoins. This comes just days after a similarly massive leak of scraped data from over 500 million Facebook users was leaked.
LinkedIn has over 740 million users, the company mentions this on its website, which means that data of over two-third of its subscribers has been compromised and being sold online. The news was first reported by CyberNews, and LinkedIn later confirmed the breach to Business Insider.
In an official statement, a LinkedIn spokesperson told the publication, “While we’re still investigating this issue, the posted dataset appears to include publicly viewable information that was scraped from LinkedIn combined with data aggregated from other websites or companies. Scraping our members’ data from LinkedIn violates our terms of service and we are constantly working to protect our members and their data”. The data includes sensitive information like phone number, email ID, workplace information, and even links to their social media accounts.
Security analyst Paul Prudhomme told Insider that the dataset, if exposed to bad actors, could lead to attack on many companies through their employees. He said that these attacks are more likely to succeed due to the rise of remote work and use of personal devices for office work.
A few days earlier, personal data of 533 million Facebook users was leaked recently on a hacking forum. The large dataset includes users from 106 countries, including 32 million records from users in US and 6 million users in India. Their email addresses, phone numbers, Facebook IDs, locations, birthdate, and bios have reportedly been exposed. A Facebook spokesperson said that the dataset was breached due to a vulnerability patched two years ago.
How can I protect myself from data leaks?
As a user, you’re depended on the safety and security provided by the services you use. It’s important to look at the safety, security, and privacy settings of the apps you use, and make sure that these are set up properly.
Beyond that, share only necessary information with digital services, and subscribe to sites like Have I Been Pwned for notifications if your email address is part of a data breach.
In addition to being cautious while sharing any personal data online, frequently change your account passwords across platforms. This wouldn’t help you in a situation like the leaks from Facebook and LinkedIn, but is generally good advice.
The password should ideally be a strong one and you could save it in a strong password manager for auto-fill. Also enable two-factor authentication (2FA) wherever available, and do not accept connections, especially on LinkedIn and Facebook, from unknown people.