The personal data of more than 700 million LinkedIn users is for sale on a hacking forum. Is about full names, phone numbers, physical addresses and more. This information could be used by hackers to execute different attacks related to identity theft.
According to Restoreprivacy, a website that advocates for online security and privacy, the data breach is one of the largest in the history of LinkedIn. In April the personal information of 500 million profiles was exposed, now that number rises to 756 million, something that is equivalent to more than 92% of the total users of the social network.
In order to prove the authenticity of the information, the author published a sample of 1 million LinkedIn profiles. The file includes the following data:
Emails Full names Phone numbers Physical addresses Geolocation records User name and LinkedIn profile URL Personal and professional background / experience Genres Other social media accounts and user names
LinkedIn published data appears to be real
Restoreprivacy says that cross-checking the sample data with other publicly available information indicates that it’s about real users. It also adds that although passwords were not exposed, this leak can lead to other security problems, for example, identity theft to carry out Phishing attacks.
LinkedIn has not made any public comment on the latest leak. However, in the one that occurred in April, it indicated that the published data set was a combination of public information from the profiles of its users together with others obtained from different services.
According to the hacker who posted the message on the forum, the data was obtained by exploitation of the LinkedIn API. In other words, the developer interface would have been used to “scrape data” from users, also known as “Web Scraping”.
Following this news, online tools such as Have I Been Pwned and the Cybernews database can be useful when it comes to verifying whether an email or phone number associated with different services has been leaked online.