Just when we are recovering from the recent Facebook Data Leak, we have suffered from another major LinkedIn data breach. This time the personal information of half a billion LinkedIn users was posted online. On a hacker forum, an individual was found to be selling the data scraped from 500 million LinkedIn user profiles. Among the leaked data, a sample data of 2 million users is floating around the internet for free access. The leaked information consists of various information such as LinkedIn ID, Full names, Email addresses, Phone numbers and much more.
What LinkedIn is Saying
LinkedIn claims that the scraped data in the sample was not private data but public information. They further defended saying that the data includes information from many places and wasn’t all scraped from their sites. LinkedIn’s recent statement on the data breach reads “We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies.”
“This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.” – LinkedIn
Leaked Data Sample
Our team at TechSathi checked the samples of leaked files and found a variety of personal data which includes:
- LinkedIn ID
- Full Name
- Contact Numbers
- Email Address
- LinkedIn Profile Links
- Professional titles and other work-related data
- Links to other social media profiles
Impact of the Leak
The bad actors who got the data might use them against LinkedIn users in a various ways. Firstly, they can conduct targeted phishing attacks using the leaked data. Secondly, the 500 leaked email addresses and contact numbers may get spam emails and phone calls. In addition to it, those perpetrators might be brute-forcing the passwords of LinkedIn profiles and Emails. Hence, it is recommended to the users to change the password of their LinkedIn and email accounts as soon as possible.
The claim has been made by LinkedIn saying that this was not technically a data breach since the hacker did not penetrate into their systems. Technically, their claim might hold true at the moment, but it does not do much good for the users whose data is being sold online.