Recently, news broke out about the leak of personal information from 533 million Facebook accounts and it being available for free on the internet. Now another huge amount of data has been floating online, the data includes people’s personal information from Linkedin, owned by Microsoft.
The data leak was found on a hacker forum where an individual was selling them. He claims that the data was scraped from over 500 million Linkedin profiles. Data includes people’s email IDs, phone numbers, workplace information, and many more.
“We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies,” said LinkedIn in a statement.
The company also mentioned that “ no private member account data from LinkedIn was included”. This means hackers only scraped public information available on profiles but couldn’t access private information, thus it is “not a Linkedin data breach” said the company.
However, the Linkedin argument would be true if the hackers manually collected the data available on public profiles. But they managed to penetrate into the Linkedin system to collect the data, thus it is a data breach. Though the company doesn’t accept it as a data leak, users’ data is being now sold on the internet.
Additionally, the company said, “Any misuse of our members’ data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable”.
Linkedin has not yet given any confirmation if they will notify users whose data has been leaked. Such notification can help users to understand the risk and update the status of the profile and decide to continue using the same or not. However, in a recent leak of Facebook data, the company didn’t inform users if their data has been compromised.
What information was leaked?
Based on the sample data of 2 million provided by the hacker on the forum it appears a variety of professional information from profiles was leaked. The data includes
1- Full names
2- Email addresses
3- Linkedin IDs
4- Gender
5- Links to other social profiles
6- Professional titles and work-related data
Impact of the leak
The leak files appear to only have information related to profiles. Sensitive details such as credit card details or legal documents are not found in the samples posted on the forum. But even an email address is enough to cause damage.
Attackers often collect data leaked from multiple leaks and create detailed profiles of their potential victims. After creating such profiles, they are used to carry out phishing and social engineering attacks.