- LinkedIn has reportedly suffered a major data breach.
- Data of 700 million LinkedIn users has been posted online for sale.
- Leaked data contains full names, email addresses, phone numbers, physical addresses, geolocation records, personal and professional experience/backgrounds, inferred salaries, and more.
A couple of months ago, LinkedIn suffered a major data breach. In this incident, the data of around 500 million users was leaked. Reportedly, there has now been another massive data breach at LinkedIn. This time around, the data of around 700 million users has been leaked. LinkedIn has approximately 756 million users. If you do the math, 92 percent of LinkedIn users have been affected by this data breach. The latest LinkedIn data leak reportedly includes the inferred salaries of the users as well, which is a rather serious issue. Let us have a look at all the details of the second LinkedIn data breach.
LinkedIn suffers yet another data breach
RestorePrivacy, a publication that covers topics related to privacy and data security, claims that a user on a popular hacking-oriented forum advertised data of 700 million LinkedIn users for sale. The user reportedly also posted a sample of the leaked data, which includes information of 1 million LinkedIn users. RestorePrivacy examined and cross-checked the data sample and found that the “data is authentic and tied to real users.” The publication also says that that “data does appear to be up to date, with samples from 2020 to 2021.”
Upon examination, RestorePrivacy has found that the data set has full names, LinkedIn username and profile URL, email addresses, phone numbers, physical addresses, geolocation records, genders, personal and professional experience/backgrounds, inferred salaries, and details regarding other social media account and usernames. Fortunately, the leaked data does not have login credentials and financial data. However, the publication states that “there is still a treasure trove of information for bad actors to exploit for financial gain.”
So, how was the data obtained? Well, RestorePrivacy reached out to the user who posted the leaked data for sale. He claims that the data was obtained by exploiting the “LinkedIn API to harvest information that people upload to the site.” According to the publication, bad actors can use the data for identity theft, phishing attempts, social engineering attacks, and hacked accounts. RestorePrivacy says “it does not appear that LinkedIn servers were hacked or there was a full “breach” in the traditional sense of the term. Instead, however, the data was harvested through LinkedIn’s own API by threat actors.” LinkedIn is yet to officially confirm the data leak.