Database of 700M LinkedIn users found for sale on a hacking forum
A database with details of 700 million LinkedIn users has been found for sale on a hacking forum.
The database has been offered for sale since June 22 by a user called TomLiner on Raid Forums, including a sample of 1 million records provided to prove the claim. However, no price was listed to purchase the database. The listing said only that details could be obtained by contacting the poster and that payment could be made by MM/Escrow.
Privacy Sharks reported Sunday that it reviewed the sample and can confirm its legitimacy. The sample database includes full names, gender, email addresses, phone numbers and industry information.
In a statement, LinkedIn said its initial analysis found that the dataset includes information scraped from LinkedIn and information obtained from other sources. “This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed,” the Microsoft Corp.-owned business network said. “Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.”
The new database follows another database of 500 million LinkedIn users that was offered for sale in April. At the time, LinkedIn said that the data was from an “an aggregation of data from a number of websites and companies.” There is a strong potential that much of the data in the new database may have been data originally in the April database.
Raid Forums, which is on the open internet and easily found by a Google search, has become a popular destination for hackers and others to sell stolen or scraped data. The same user, TomLiner, offered 553 million Facebook Inc. user records on the forum in April. Data from Clubhouse was offered the same month, while billions of credentials from a defunct breach site appeared on Raid Forums in September.
“While LinkedIn may not have been the victim of a data breach, this development proves that motivated attackers are still capable of gleaning and leveraging publicly available information that can have broad implications on consumers,” Jim Gogolinski, vice president of research and intelligence and cloud network security company iboss Inc., told SiliconANGLE. “This is a stark reminder of the amount of information that cybercriminals have at their disposal to carry out dangerous and hard-to-spot phishing and credential-stuffing attacks.”
Alex Balan, director, security research at cybersecurity software provider Bitdefender S.R.L., noted that “your phone number, e-mail address, social security number, home address are information we are constantly sharing with an increasing number of people, social media networks and organizations. It’s only a matter of time before this information is exposed to cybercriminals, if it isn’t already.”
Saying that the most basic and imperative action is to know when that happens, Balan added that “while social media companies continue to improve at preventing scraping bots and other information-gathering tools, it’s our job as informed consumers to be aware of the information we expose publicly and how it can be used by cybercriminals in a worst-case scenario.”
Image: Raid Forums
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.