LINKEDIN PERSONAL DATA BREACH
You’ll remember that at the end of March, the personal data of 533 million Facebook users was uploaded to a hacking forum for free. Now the professional business social media favourite and networking platform, LinkedIn, has become a victim of cybercrime. On 6 April, Cyber News reported that scraped personal data of over 500 million LinkedIn users was being sold online. A spokesperson from LinkedIn confirmed that the database was not obtained through a breach but
“…is actually an aggregation of data from a number of websites and companies.”
WHAT PERSONAL DATA WAS COMPROMISED?
To prove their point, the hacker uploaded 2 million sample records from the 500 million database. The stolen records included:
- LinkedIn IDs
- Full names
- Email addresses
- Phone numbers
- Genders
- Links to LinkedIn profiles
- Links to other social media profiles
- Professional titles and other work-related data
WHAT WILL HAPPEN NEXT?
Who knows? At least the breached leaked files did not contain highly sensitive data such as credit card details, legal documents, or personal messages between LinkedIn users. Still, that doesn’t mean much. Any smart cybercriminal can wreak havoc with a full name, email address and mobile phone number. Brilliant cybercriminals minds may even be able to combine the LinkedIn data with information from other data breaches. They’ll then use this to conduct convincing phishing and social engineering attacks, or even commit identity fraud. No good. Remember, once your personal data is out there, it’s out there for good.
827 RECORDS GOING CHEAP
From what I have been able to piece together, the first batch of 500 million LinkedIn records was sold to another hacker. He or she then expanded this mammoth database, adding 327 million scraped LinkedIn profiles, and putting them up for sale on the same hacking forum. For how much, you ask? Next to nothing, I’m afraid. Data comes cheap nowadays and the asking price was $7,000 in bitcoin.
MORE USER PROFILES THAN ON LINKEDIN
The irony of this scenario is that as of this month, LinkedIn has nearly 740 million members in more than 200 countries and territories worldwide. So the hackers’ offering of 827 million profiles exceeds LinkedIn’s user database of 740 million by more than 10 million. If all this is true, a lot of the new data on offer is likely either duplicate or outmoded. Probably not worth $7,000 but no one can be certain.
WHAT WILL LINKEDIN DO?
While Facebook confirmed that it will not be notifying the 533 million users of the data breach in March, LinkedIn has taken a different position on its hack. The networking site claimed that the breach of data
TAKE ACTION NOW
If you suspect that your LinkedIn profile has been compromised, take these necessary steps immediately:
- Use this personal data leak checker to see if your email or phone number has been hacked
- Change the passwords of your LinkedIn and email accounts
- Use a password manager such as LastPass to create and store robust passwords
- Enable 2-factor authentication on all your online accounts
- Be cognizant of suspicious LinkedIn messages and connection requests
Watch out for phishing emails and text messages. Don’t click on anything suspicious. Don’t respond to people you don’t know. Don’t become a victim of cybercrime!
I CAN HELP!
With over 20 years as an executive and business owner working in professional IT and specializing in cybersecurity awareness and risk mitigation, I’m always here to help. If you are at all worried about your cybersecurity, contact me and I’ll provide the latest, and hopefully greatest, guidance on best cybersecurity practices. You can also read my best-selling books on cybersecurity, Cybersecurity Now and Adapt and Overcome.