Update (06/29 – 7:50 p.m.): the article has been updated on LinkedIn's statement.
The personal data of more than 700 million LinkedIn users is for sale on a hacking forum. It's about full names, phone numbers, physical addresses and more. This information could be used by hackers to execute different attacks related to identity theft.
According to Restoreprivacy, a website that promotes online security and privacy, the data breach is one of the largest in the history of LinkedIn. In April, the personal information of 500 million profiles was exposed, now that number rises to 756 million , something that is equivalent to more than 92% of the total users of the social network.
In order to prove the authenticity of the information, the author published a sample of 1 million LinkedIn profiles. The file includes the following data:
Emails Full names Phone numbers Physical addresses Geolocation records User name and LinkedIn profile URL Personal and professional experience / background Genres Other social media accounts and user names
LinkedIn published data appears to be real
Credit: Restoreprivacy Restoreprivacy says that cross-checking the sample data with other publicly available information indicates that these are actual users . It also adds that although passwords were not exposed, this leak can lead to other security problems, for example, identity theft to carry out Phishing attacks.
According to the hacker who posted the message on the forum, the data was obtained by exploiting the LinkedIn API . In other words, the developer interface would have been used to “scrape data” from users, also known as “Web Scraping”.
After this news, online tools such as Have I Been Pwned and the Cybernews database can be useful when it comes to verifying if an email or phone number associated with different services has been leaked on the network.
LinkedIn ensures that a data breach of its users has not taken place. Below is the official statement of the company.
“Although we are still investigating the situation, a first analysis indicates that this data includes information obtained from both LinkedIn and other sources. This is not a LinkedIn data breach and our investigation has determined that no private data of our members has been exposed. The extraction of data from LinkedIn is a violation of our policies, so we work continuously to ensure the protection of the privacy of our members. ”
