Another data breach has occurred at LinkedIn. This time, the personal and contact details of 700 million LinkedIn users are being sold on the dark web. LinkedIn says it is investigating the matter but emphasizes that the data was collected through scraping.
This has been written by researchers who have checked a sample of the data set for authenticity. This research shows that the data is authentic and up-to-date.
This LinkedIn user data is for sale
Researchers discovered that someone was offering data from 700 million LinkedIn users for sale on a popular dark web hacker forum. The seller published a dataset of one million LinkedIn users on the forum. Forum members could download these for free to verify their authenticity.
In their own words, the information that the hacker offers is real and current. In addition to first and last names, the dataset also contained telephone numbers, residential addresses, gender data, location data, LinkedIn names and profiles, personal and professional background information and references to other social media accounts. No passwords or financial details were stolen.
Scams lurking around the corner
As mentioned, the seller reportedly has the personal and contact details of 700 million LinkedIn users. That would mean he managed to get hold of the data of 92 per cent of all LinkedIn users. The provider of the stolen data says it succeeded by abusing the LinkedIn API. As a result, he was able to scrape profiles. In scraping, a program automatically collects data from public sources on the Internet and combines it into a single dataset.
It is not known how much the seller wants to collect for the database. What is beyond doubt is that such a large dataset can cause a lot of misery in the wrong hands. After all , the stolen data can be misused for identity fraud, friend-in-emergency fraud, phishing and sending spam messages.
LinkedIn: ‘No data breach has occurred’
LinkedIn says in a response that it is still investigating the matter, but that initial analysis shows that the dataset contains data from LinkedIn and other sources. Furthermore, a spokesperson for the platform emphasizes that there is no data breach (after all, the data has been scrapped) and that no private data of LinkedIn users has ended up on the street. “Scraping LinkedIn data is a violation of our terms of service and we are constantly working to protect the privacy of our members,” LinkedIn said.
It’s not the first time LinkedIn has been embarrassed. In April, the personal data of more than 500 million LinkedIn users ended up on the dark web. As in this case, it included first and last names, phone numbers, email addresses, gender, LinkedIn IDs, links to LinkedIn profiles, social media links, job titles, and other work-related data.
Facebook faced a similar data breach
In the same month, there was a similar data breach at Facebook. Then it concerned 533 million Facebook users whose data had been scrapped. In addition to first and last names, the perpetrators also managed to obtain places of residence, dates of birth, telephone numbers, email addresses, gender, relationship status, Facebook IDs and the dates on which the accounts were created. 5.4 million Dutch people were the victims of this.
An internal email revealed that Facebook wants to dismiss the incident as a sector problem and ‘normalize’ the scraping phenomenon. “In the long term, we expect more scraping incidents and it is important to frame this as an industry problem and normalize that this happens regularly,” the email reads, according to Belgium’s Data News. “To do this, the team is proposing a follow-up post in the coming weeks that will talk more broadly about our anti-scraping work and provide more transparency around the work we’re doing here. This could echo much of the scraping activity, we hope it helps normalize the fact that this is ongoing and avoid criticism that we are not transparent about specific incidents.”
Catch up on more articles here
Follow us on Twitter here