After 500m LinkedIn users were affected in a data-scraping incident in April, it has happened again, with big security ramifications.
A new posting with 700m LinkedIn records has appeared on a popular hacker forum, researchers say.
GOD User Tom Liner
Analysts from Privacy Sharks found the data put up for sale on Raid Forums by a hacker calling himself “GOD User Tom Liner.” The advertisement, posted June 22, claims that 700m records are included in the cache, and includes a sample of 1m records as “proof.”
Privacy Sharks examined the free sample and saw that the records include full names, gender, email addresses, phone numbers and industry information. The origin of the data is unclear, but the scraping of public profiles is a likely source. That was the driver behind the collection of 500m LinkedIn records that went up for sale in April.
That earlier collection contained an “aggregation of data from a number of websites & companies” as well as “publicly viewable member profile data,” LinkedIn explained at the time.
LinkedIn says no breach of its networks has occurred this time, either:
“While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources,” according to the company’s press statement.
“This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.”
200m More Records
“This time around, we cannot be sure whether or not the records are a cumulation of data from previous breaches and public profiles, or whether the information is from private accounts,” according to Privacy Sharks’ blog post, published Monday. “We employ a strict policy of not supporting sellers of stolen data and, therefore, have not purchased the leaked list to verify all of the records.”
There are 200m more records available in the collection this time around, so it is probable that new data has been scraped and that it is more than a redo of the previous group of records, researchers added.
The good news is that credit-card data, private message contents and other sensitive information are not part of the incident, according to Privacy Sharks’ analysis. That is not to say there are no serious security implications, though.
“The leaked information poses a threat to affected LinkedIn users,” according to Privacy Sharks. “With details such as email addresses and phone numbers made available to buyers online, LinkedIn individuals could become the target of spam campaigns, or worse still, victims of identity theft.”
E-mail or Telephone Scams
It added, “expert hackers may still be able to track down sensitive data through just an email address. LinkedIn users could also be on the receiving end of email or telephone scams that trick them into sharing sensitive credentials or transferring large amounts of money.”
Then there are brute-force attacks to be concerned about: “Using email addresses provided in the records, hackers may attempt to access users’ accounts using various combinations of common password characters,” researchers warned.
The data could be a social engineering ‘goldmine.’ Attackers could just visit public profiles to target someone, but having so many records in one place could make it possible to automate targeted attacks using information about users’ jobs and gender, among other details.
“It is not uncommon to see such data sets being used to send personalised phishing emails, extort ransom or earn money on the Dark Web – especially now that many hackers target job seekers on LinkedIn with bogus job offers, infecting them with a backdoor trojan,” Candid Wuest, Acronis VP of Cyber-Protection Research, outlined at the time of the first data-scraping incident.
“For example, such personalised phishing attacks with LinkedIn lures were used by the Golden Chickens group.”
Users should secure their LinkedIn accounts by updating passwords and enabling two-factor authentication.