After Facebook, LinkedIn has become the latest victim of data breach, in which scrap data of over 500 million of its users has been put on sale on a popular hacking platform. The leaked details are email ids, cellphone numbers, workplace information, full anmes, account Ids, social media accounts, and gender details.
LinkedIn has confirmed the report saying it's not a breach but collection of data from other websites and companies. LinkedIn has said it "investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies".
The unknown post author leaked 2 million records as proof-of-concept samples on the hacker platform, a CyberNews report said. "The four leaked files contain information about the LinkedIn users whose data has been allegedly scraped by the threat actor, including their full names, email addresses, phone numbers, workplace information, and more," the report said.
In exchange for the full details on leaked LinkedIn data, the hacker has asked for a four-digit amount in US dollars, preferably in bicoins. However, it has not been verified if the threat actor is sharing the up-to-date data of the LinkedIn users or it's a scrap data, meaning it's collected from previous LinkedIn and other company hacks.
LinkedIn has said the data put out by the hacker does include "publicly viewable member profile data that appears to have been scraped from LinkedIn". But, it can't be called as "data breach" as no private member account data from LinkedIn was included in what we've been able to review, said the company.
Meanwhile, Italy's privacy watchdog has launched an inquiry against the purported data breach since it has the highest number of subscriber counts among European states. The watchog has also called LinkedIn users in the country to be wary about any suspicious activity with regard to their bank accounts or phone numbers.
Experts suggest the alleged leeaked data can be used to carry out targetted phishing attacks, spamming 500 million emails and phone numbers and brute-forcing passwords of LinekedIn profiles.
In a similar incident, a massive data leak at Facebook this week had exposed the personal details of around 533 million of its users. The social media giant on April 6 had published a blog in which they admitted a data breach had occurred but added the data was actually stolen back in 2019.
The personal details that have been exposed are details such as phone numbers, Facebook ID, birthdates, etc, of millions of users. Facebook had also said the leaked data had not been obtained through its system but scrapped before September 2019. It said the said data was scrapped by cybercriminals utilising the social media site's contact importer feature.