500 million accounts for sale in a forum

Just days after Facebook’s 530 million personal data leak, it is now LinkedIn the one that has suffered the same fate. The data of 500 million users of the professional social network is for sale on a hacking forum.

As proof, the hackers who have put the data set up for sale have published the data of nearly two million profiles. The four leaked files contain information about LinkedIn users including their full names, email addresses, phone numbers, workplace information, or academic titles.

As with the case of Facebook, this data was obtained through a scrapping of the LinkedIn website. It is not, therefore, a targeted attack violating the security of the social network owned by Microsoft.

All visible LinkedIn personal data exposed

Photo by Souvik Banerjee on Unsplash

The author of the forum post, who has put up for sale the package with the leaked personal data of 500 million users, is the one who has claimed that the data was extracted from LinkedIn by scraping.

What is not entirely clear is whether the scraping is recent or is it an older, outdated data set. From Cybernews they point out that also they may have been added from different scrapings to LinkedIn or to other companies. At the moment it is unknown.

The content of personal data leaked if known with certainty. Thanks to the “evidence” that the pirate has left so that the authenticity of the content is verified we know that the data set contains:

linkedIn personal data leakSample of LinkedIn data put to the vein

Based on the samples we saw of the leaked files, they appear to contain a variety of information, mainly professional, from LinkedIn profiles, including:

LinkedIn IDs. Full names. Emails. Phone numbers. Genders. Links to LinkedIn profiles. Links to other social media profiles. Professional titles. History of jobs and their content.

Of course, no information considered sensitive has been found, as bank details, so it seems that effectively only public information has been accessed.

We will have to wait to confirm if it is an old or recent data set. But be that as it may, it seems that social media have a serious problem with scraping public data.

Although it seems that the passwords have not been leaked, we recommend that you change it as soon as possible, since the information is sufficiently rich as to generate brute force attacks to access another account or other services associated with email.