LinkedIn denies the personal data of 700 million users for sale on Dark Web was a result of a data breach – says information was scrapped
Microsoft’s LinkedIn social network that targets the business community, has denied it has suffered a data breach scare.
According to RestorePrivacy, a LinkedIn data leak has exposed the personal data of 700 million users, which is 92 percent of the network’s total 756 million users.
And to make matters worse, the hackers have reportedly placed the database of 700 million LinkedIn users up for sale on the dark web. This data unfortunately includes phone numbers, physical addresses, geolocation data, and inferred salaries.
It should be remembered that in April this year, LinkedIn was at the centre of data breach allegation, when an archive containing data scraped from 500 million LinkedIn profiles was put for sale on a popular hacker forum, with another 2 million records leaked as a proof-of-concept sample by the post author.
That data included full names, email addresses, phone numbers, workplace information, and more.
But now RestorePrivacy reported that on “22 June a user of a popular hacker advertised data from 700 Million LinkedIn users for sale. The user of the forum posted up a sample of the data that includes 1 million LinkedIn users.”
RestorePrivacy examined the sample and found it to contain email addresses; full names; phone numbers; physical addresses; geolocation records; LinkedIn username and profile URL; personal and professional experience/background; genders; and other social media accounts and usernames.
RestorePrivacy said that was one of the largest LinkedIn data dumps it has seen, and the user claimed that the complete database contains the personal information of 700 million LinkedIn users.
The only bit of good news seems to be that RestorePrivacy did not find login credentials (i.e. passwords) or financial data in the samples it examined, but there is still a treasure trove of information for bad actors to exploit for financial gain and identity theft.
Unfortunately, all this data remains up for sale at the time of writing.
One security expert has said the firm needs to examine how its APIs are being used.
“LinkedIn urgently need to look at how their APIs are used,” said Professor Mark Rodbert, founder and CEO of IDAX Software and visiting professor in Computer Science at the University of York.
“A function designed to retrieve information about one person can have a negative impact when used to fetch a million records,” said Professor Rodbert.
“Modern analytics and big data have changed the way we view information; in the old days I was happy for my phone number and address to be in a telephone directory when it was a paper book and hard to get at, but now everything is instantly available across the globe I’m much less happy,” said Professor Rodbert.
LinkedIn meanwhile has issued a statement on its website to deny the RestorePrivacy report of a data breach that allegedly compromised the data of more than 700 million users.
“Our teams have investigated a set of alleged LinkedIn data that has been posted for sale,” said the firm.
“We want to be clear that this is not a data breach and no private LinkedIn member data was exposed,” said the network. “Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update.”
“Members trust LinkedIn with their data, and any misuse of our members’ data, such as scraping, violates LinkedIn terms of service,” the firm concluded. “When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable.”