After a similar incident in April, in which a jaw-dropping 500 million profiles were put up for sale online, LinkedIn has suffered a second massive data breach. Reportedly, the latest incident has exposed the sensitive data of 700 million (92%) of its users. The leaked data, contained in a new posting on a popular hacker forum, includes addresses, geolocation records, and inferred salaries.
Who is behind it?
The data was put up for sale on RaidForums by a hacker calling themselves “GOD User TomLiner.” The post appeared on June 22, claiming that 700 million records are included in the cache. The attacker even provided a sample of 1 million users’ data as proof, trying to sell the information online.
How did the breach happen?
After examining the sample, Privacy Sharks determined that the records contain a wide range of data: full names, gender, email addresses, phone numbers, industry information, and salaries. Although the origin of the leaked data remains uncertain, the scraping of public profiles is a likely source. The same method was used back in April when 500 million records went up for sale.
LinkedIn denies any breach of its networks again: “While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources,” according to the company’s press statement. “This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.”
“This time around, we cannot be sure whether or not the records are a cumulation of data from previous breaches and public profiles, or whether the information is from private accounts,” according to Privacy Sharks’ blog post, published Monday. “We employ a strict policy of not supporting sellers of stolen data and, therefore, have not purchased the leaked list to verify all of the records.”
The collection has 200 million more records available this time around, so it’s likely that the new data has been scraped and that it’s more than a reshuffle of the first set of records.
However, if the hacker was able to scrape millions of records, whatever the method used, this is definitely a security breach.
Security implications of Data-Scraping
Fortunately, sensitive information such as credit card data and private messages was not exposed. However, there is a series of security ramifications.
The data made available online threatens LinkedIn users, as it might turn them into the target of spam campaigns or even identity theft. Moreover, hackers may be able to exfiltrate sensitive data through just an email address. LinkedIn users could be tricked into sharing sensitive credentials or making payments.
Another concerning possibility is that of hackers using the email addresses in the public records to access users’ accounts.
And last but not least, the collection of data may be a social-engineering goldmine. Having such a large number of records in one place can make it possible to automate targeted attacks using criteria such as users’ jobs, gender, and other details.
“It is not uncommon to see such data sets being used to send personalized phishing emails, extort ransom or earn money on the Dark Web – especially now that many hackers target job seekers on LinkedIn with bogus job offers, infecting them with a backdoor trojan,” Candid Wuest, Acronis vice president of cyber-protection research, said via email at the time of the first data-scraping incident. “For example, such personalized phishing attacks with LinkedIn lures were used by the Golden Chickens group.”
To minimize the risk of their personal information being exposed and sold online, LinkedIn users should secure their accounts by regularly updating passwords and enabling two-factor authentication.