Users do not have time to recover after news of the leak Facebook data as it became aware of a new incident, this time on LinkedIn. On a popular forum on the darknet, an archive of data collected from 500 million LinkedIn profiles was put up for sale. As proof of data authenticity, sellers offer 2 million profiles for free. More specifically, forum users can view leaked data samples for about $ 2 forum credits.
The four leaked files contain information from LinkedIn users, allegedly collected using a technique known as web scraping (collecting data by extracting it from web resource pages, either manually or using automated processes). This includes full names, gender, email addresses, phone numbers, job details, LinkedIn user IDs, links to LinkedIn profiles, and links to other social media profiles.
Using the above data, attackers can:
- Carry out targeted phishing attacks;
- Send spam to 500 million users affected by the leak;
- Hack the accounts of users affected by the leak using brute force attacks (brute force attacks).
“We analyzed the alleged data set of LinkedIn users for sale and determined that it was actually a collection of data from multiple websites and companies,” LinkedIn said in an official statement.
According to the statement, there is no private LinkedIn account data in the leak. This means that there is publicly available information for sale, which is already visible on the page. As LinkedIn emphasizes, from a technical point of view, the incident cannot be considered a leak, since the data was not copied by hackers who penetrated into LinkedIn's systems, but simply collected from users' pages.
Whether LinkedIn intends to notify its users about the incident is unknown. As previously reported , Facebook, which recently faced a similar problem, has no plans to inform users.