Linkedin has been accused of storing over 500 million users’ data. Apparently the information is being scraped, and a threat actor has claimed he has gotten his hands on the original data.
Table of Contents
Data scraping
Almost two-thirds of LinkedIn’s 740 million users could have had their profiles scraped by an anonymous hacker on the dark web in May, according to security researchers. Data scraping is a popular tool for attackers to gather information from a wide variety of sources. It can be used for phishing, spam, and automated social engineering attacks. It is also a way for criminals to attack businesses through employees’ data.
LinkedIn’s data scraped includes full names, email addresses, work details, and workplace information. It also contains links to other social media profiles and phone numbers. It is estimated that 88,000 US business owners have been targeted by LinkedIn data scrapers.
LinkedIn isn’t the first company to have been targeted by data scrapers. Alibaba, Taobao, and TomLiner had more than a billion records scraped from their sites in 2018. These scrapes are used for identity theft and spam campaigns, according to Paul Prudhomme, a security intelligence analyst at IntSights. He notes that these data scrapers “don’t actually hack” the site, but instead are automated bots that target certain websites and pull data from their public sections. However, the attackers will always find a way to bypass these methods.
The alleged LinkedIn data scraping has appeared on a hacking forum, and hackers are looking for a four-digit sum for the data. According to Cybernews, samples of the leaked files contained full names, email addresses, and phone numbers.
According to LinkedIn’s spokesperson, the company is actively working to protect its members’ data. But data scraping has already been used for phishing attacks and automated social engineering attacks. The company is trying to stop other companies from mining data from its site.
The LinkedIn data scraping is the latest in a string of data breaches this year. A similar incident occurred in April. This time, a hacker posted a sample of two million LinkedIn records on a popular hacker forum. In the same month, Facebook also suffered a major data breach. This incident was reported by Insider’s Aaron Holmes.
LinkedIn claims that the data scraping is not a data breach, but it may signal the start of a series of LinkedIn-fueled attacks. LinkedIn’s public data is more valuable to threat actors, and it can be used to provide business intelligence. However, it is also vulnerable to phishing attacks and display name spoofing attacks. It can be used in ransomware attacks, as well.
Threat actor claims he has obtained the original 500-million database
Earlier this week, a threat actor claimed to have amassed a massive database of 500 million LinkedIn users’ records, which were then put up for sale online for a hefty price. This was done in the hope that the purchaser will make a profit. While this might sound like a great way to make money, it is not something we should take for granted. Especially when you consider that the LinkedIn data leak could have serious consequences for those who are relying on it.
The 500 million records allegedly include personal information, such as full names, email addresses, and even phone numbers. However, the database does not contain financial data, such as credit cards and bank accounts. This means that users could be at risk for fraudulent financial activities or identity theft. The leak also has a dark side, as it can be used by a skilled hacker to spam 500 million emails and harass users.
While the LinkedIn data leak has not been confirmed yet, the news that it has occurred comes less than two days after the news that Facebook had suffered a similar data leak. If you use LinkedIn, you might want to consider enabling two-factor authentication. Also, you should keep an eye out for suspicious messages from strangers on LinkedIn. If you have already logged into your account, you might want to change your passwords to keep hackers from gaining access to your account. You may also want to consider a password manager. Using a password manager will help you create strong passwords, which you will be able to use to sign in to your account.
The news of the LinkedIn data leak also caused a stir in Italy, where the privacy watchdog began an investigation. Italian authorities asked LinkedIn users to check their profiles to see if they had been affected by the data leak. If you are worried about being targeted by phishing or scammers, you can use a password manager to create strong passwords and store them securely. Moreover, you can protect yourself against targeted phishing campaigns and spam.
While the threat actor claimed to have amassed tens of thousands of megabytes of data, the data that he did make available for sale on a hacker forum is not exactly worth a million bucks. The trove of data includes two million records that were leaked as proof that the data was there. This is a small sample, but it does show that a threat actor’s data collection efforts are not in vain.
LinkedIn’s desktop site, newsfeed and paid services
Having a look around the company’s main site and a bit of digging into the company’s product roadmap, I am left with the impression that LinkedIn is making some impressive strides in the unification of the business social networking paradigm. The company’s new mobile app, slated for release in early 2020, will be the conduit to a seamless LinkedIn experience on mobile, which will include an enhanced feed, more targeted ads and the ability to make new connections and apply for jobs. In a statement to shareholders, CEO Jeff Weiner noted that LinkedIn’s fiscal year ended March 31, 2019, had seen revenue growth of 28.4 percent, which is in line with company-wide growth.
In addition to new mobile app features, LinkedIn has also tapped into Microsoft’s cloud services to enhance the company’s feed. The company’s main feed now incorporates activity from Microsoft’s Office apps, including Word, Excel and Outlook. The new app’s intelligent news feed draws from the company’s trove of data and will feature content culled from LinkedIn’s massive 660 million member base, as well as other sources. The site is also testing a feature called “advertising in the news,” which will allow select advertisers to reach specific audiences via mobile and desktop ads.
The site also has a number of reporting tools for advertisers, including a robust reporting system for ad units. As for ad content, LinkedIn will soon begin testing sponsored videos. For instance, the company has partnered with Vimeo to provide video streaming capabilities to the platform, which will be a big boon for LinkedIn users on the go.
There are also a number of new features slated for the near future, including an improved home page, new newsfeed and enhanced profile analytics. LinkedIn will also be integrating the company’s products with Outlook on Android for the first time. In a statement to shareholders, CEO Weiner noted that LinkedIn’s top grossing product, the premium LinkedIn Premium, will be available for download in the second half of 2019. Having a look around the company’s site, it’s easy to see that the company is committed to a new approach that is both customer-centric and technologically advanced.
