Personal data from more than 500m LinkedIn users has been posted for sale online in yet another incident of threat players taking data from public profiles & putting it online for potential cyber-criminal misuse.
Like a Facebook incident earlier this week, the information — including user profile IDs, email addresses & other PII — was ‘scraped’ from the social-media platform.
Archive Containing Data
Hackers posted an archive containing data they said includes LinkedIn IDs, full names, professional titles, email addresses, phone numbers & other personally identifiable information (PII) on a popular hacker forum, according to a report in Cyber News on Tue.
The LinkedIn incident comes after a major leak of personal data from more than 533m Facebook users last weekend.
The data set also includes links to LinkedIn profiles & other social-media profiles, according to the report. Moreover, to prove the authenticity of the info & provide a teaser of the data inside, the hackers responsible also leaked another 2m records as a proof-of-concept sample, the report explained.
Users on the forum can view the samples for about $2 worth of forum credits. However, the threat player also appears to be auctioning off the ‘crown jewel’ of the data-gathering — the 500m-user database — for at an amount that is at least in the 4-digit range, most likely in a Bitcoin equivalent, explains the report.
Payment Card Details
“As the leaked data contains no payment card details & no passwords, it’s of less value to attackers & won’t sell for much on the Dark Web anyway,” Candid Wuest, Acronis VP of Cyber-Protection Research, stated.
“However, it does contain valuable personal information (workplace info, email, social account links), which is why it’s not published it for free.”
LinkedIn officials confirmed that data from the platform was included in the database &, like Facebook officials before them, said it was not due to a breach of its system but instead was scraped from the LinkedIn site.
“We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites & companies” that includes “publicly viewable member-profile data that appears to have been scraped from LinkedIn,” the company said in a statement on its website, on Thur.
“This was not a LinkedIn data breach, & no private member account data from LinkedIn was included in what we’ve been able to review,” outlines the post.
‘Scraping’ is a common tactic used by threat players to take public information from the internet that can then be sold online for profit & reused for malicious activity. Scraped data is often ‘repurposed’ to create socially engineered phishing attacks, to commit identity theft, brute-force credentials, or spam victims’ accounts, among other illegal activity.
LinkedIn also re-iterated Facebook’s comments that any misuse of platform members’ data by scraping violates its terms of service & outlined that the company will be investigating.
“When anyone tries to take member data & use it for purposes LinkedIn & our members haven’t agreed to, we work to stop them & hold them accountable,” states LinkedIn’s statement.
It’s unclear currently if LinkedIn will face regulatory troubles due to the incident, such as being in violation of the General Data Protection Rule (GDPR). The GDPR is a European Union rule that went into effect in May 2018 that compels companies to disclose data breaches within a certain period of time or face penalties. Facebook currently faces an investigation by Ireland’s Data Protection Commission (IDPC) over the earlier leak.
Cyber News has posted an online tool so people can check to see if their data was leaked in the most recent LinkedIn incident. If that is the case, they should be extra-cautious in opening suspicious emails or text messages or links related to messages from senders they do not recognise.
“It is not uncommon to see such data sets being used to send personalised phishing emails, extort ransom or earn money on the Dark Web – especially now that many hackers target job seekers on LinkedIn with false job offers, infecting them with a backdoor trojan,” commented Wuest.
“For example, such personalised phishing attacks with LinkedIn lures were used by the Golden Chickens group last week.”