700 million LinkedIn user records up for sale

Amer Owaida, Security Writer at ESET discusses the latest breach at LinkedIn, where all the information was scraped from LinkedIn user profiles includes full names, gender, email addresses and phone numbers.

For the second time this year, data scraped from the accounts of hundreds of millions of LinkedIn users has been posted for sale on a hacking forum. This haul seems to be even bigger than the one that involved data belonging to 500 million LinkedIn user accounts and was put up for sale in April of this year.

According to Privacy Sharks, which broke the news about the new data cache, a user going by the moniker “GODUserTomLiner” posted an offer on a popular hacking forum on June 22nd, claiming that they had 700 million LinkedIn user records for sale – a figure that almost amounts to the website’s entire userbase.

As proof of their claims, the seller released a sample of some 1 million records that were analyzed by Privacy Sharks researchers. The team verified that the uploaded sample included a smorgasbord of genuine data, such as full names, gender, email addresses, phone numbers, and information about the users’ professional experience.

“This time around, we cannot be sure whether or not the records are a cumulation of data from previous breaches and public profiles, or whether the information is from private accounts. We employ a strict policy of not supporting sellers of stolen data and, therefore, have not purchased the leaked list to verify all of the records,” Privacy Sharks said.

In April of this year, a treasure trove of data scraped from over 500 million LinkedIn user profiles was put up for auction on a hacking forum with a minimum four-digit asking price. However, the Microsoft-owned professional social media network disputed that the information originated solely from their website and added that the data did not come from a data breach.

Reacting to the latest incident, Leonna Spilman, a corporate communications manager at LinkedIn, offered a statement that was very much in the same vein as the one issued in April:

“While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.”

But since there are an additional 200 million records being offered for sale on the internet’s seedy underbelly, it is safe to assume that cybercriminals were able to scrape even more data or build upon the previously collected information.

Data-impacting incidents pose a real and serious risk to users since they can be used to carry out targeted phishing campaigns, or some kinds of data obtained could be used to ‘fill in the blanks’ during credential-stuffing attacks.

If you suspect that you might have been affected, there are a number of steps you can take to mitigate the chances of falling prey to resourceful cybercriminals:

  • Remain vigilant and never click on dubious links and attachments you receive in unsolicited messages from strangers
  • If you tend to recycle passwords, consider changing them and use a password manager that will generate complex and hard-to-crack passwords for you
  • Double down on your security with the help of multi-factor authentication, preferably by using either an authenticator app or a hardware token