Data from over 500 million LinkedIn users has been scraped and posted online for sale to hackers

Getty Images
Share to friends

Data from more than half a billion LinkedIn users has been scraped and is being sold online to hackers. This is the second major cybersecurity incident that occurred this month, following news of a similar incident involving Facebook where 533 million users’ personal data were leaked online.

LinkedIn confirmed the latest incident but said it was not a data breach and that no private member account data from the platform was included.

“We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies. It does include publicly viewable member profile data that appears to have been scraped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review,” the Microsoft Corp’s professional networking site wrote in a blog post on Thursday.

READ ALSO  Reddit user, the investor behind the GameStop market frenzy says he lost $13 million

But LinkedIn did not provide more details about the incident, including the exact number of the users affected.

CyberNews previously reported on April 6 that an archive of data scraped from 500 million LinkedIn profiles was put for sale on a popular hacker forum, with another two million records leaked as a proof-of-concept sample by the post author.

The data includes user IDs, full names, email addresses, phone numbers, professional titles, and other work-related data, the cyber security news and research group said.

According to Fortune Magazine, although the scraped LinkedIn data doesn’t contain sensitive information like bank account details such as credit card information or Social Security numbers, it does include data that could help bad actors perform other sophisticated hacking attempts. For instance, hackers could use data like email addresses and phone numbers to conduct more convincing phishing attacks, in which they send people bogus emails that look real but contain links to malicious websites.

READ ALSO  Visa to allow payment settlements using cryptocurrency

Prior to the LinkedIn data incident, Facebook had announced that “malicious actors” obtained data prior to September 2019 by “scraping” profiles using a vulnerability in the platform’s tool for syncing contacts.

Sadly, millions of people fall victims to various internet crimes every year. Social companies including Facebook and Twitter have been increasingly criticized over how they handle user privacy across their platforms.

In 2019, Facebook reached a landmark settlement with the U.S. Federal Trade Commission over its investigation into allegations the company misused user data.

There’s a lot of concern about the ways tech companies are handling privacy,” said Michael Beckel, the research director for Issue One.