Half A Billion LinkedIn Members Found For Sale

Uploaded on 2021-04-09 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY--Hackers, FREE TO VIEW

Only a few days after discovery of a massive dump of Facebook user datathere has been a second enormous data theft, this time involving LinkedIn. 
 
An archive containing data purportedly scraped from 500 million LinkedIn profiles has been put for sale on a popular hacker forum. IDs, names, email addresses and more personal details are part of the massive database of stolen data, which could be used to launch additional attacks on LinkedIn and its users. 
 
The data leak was posted to a forum popular with hackers by a user asking for a "four-digit $$$$ minimum price" for access to the full database of stolen account information.
 
To prove the legitimacy of the info, the leaker included two million records as a sample that users on the form can view for $2 worth of forum-specific credits. CyberNews researchers were able to confirm that the data contained in the sample was legitimate, but added that, "It's unclear whether the threat actor is selling up-to-date LinkedIn profiles, or if the data has been taken or aggregated from a previous breach suffered by LinkedIn or other companies." Included in the leaked data was "a variety of mostly professional information," including LinkedIn IDs, full names, email addresses, phone numbers, user gender, links to LinkedIn profiles, links to other connected social media profiles, professional titles and other work-related data. 
 
The leaked data doesn't appear to contain any credit card, other financial details or legal documents that could be used for fraud, although the lack of financial or identification documentation doesn't mean the leaked data isn't dangerous as a determined attacker can combine information found in the leaked files with other data breaches in order to create detailed profiles of their potential victims. "With such information in hand, they can stage much more convincing phishing and social engineering attacks or even commit identity theft against the people whose information has been exposed on the hacker forum," CyberNews said. 
 
LinkedIn says it has nearly 740m users worldwide and if the leaker selling this batch of stolen data is telling the truth, then almost anyone with a LinkedIn account could be among the 500 million leaked records. 
 
LinkedIn users should take precautions to protect their accounts and their personal data by:   
 
  • Changing LinkedIn account passwords and email account passwords associated with LinkedIn profiles.
  • Being wary of LinkedIn messages and connection requests from unknown people.
  • Learning to identify phishing emails and text messages.
  • Never opening links to websites from an email, and instead navigating to a site manually and logging in there. 
  • Installing strong anti-phishing and anti-malware software. 
 
In addition to taking proper precautions with your security, it's also a good idea to subscribe to a website like Have I Been Pwned, which will notify you if your email address is found in a data breach that it has scanned and added to its master database of compromised accounts.  If your information appears in a Have I Been Pwned search, it's important to take action immediately using the above security tips.
 
LinkedIn:      Techrepublic:        CyberNews:       HaveIBeenPwnd:      Inspired eLearning:     Image: Unsplash
 
You Might Also Read: 
 
LinkedIn Used As The Vehicle For A Global Scam:
 
« FatFace Pays $2million Ransom To Cyber Criminals
Credentials Phishing Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CyTech Services

CyTech Services

CyTech provides unique services and solutions complemented with professional subject matter experts to both the Federal and Commercial sectors.

Softtek

Softtek

Softtek helps its clients to gain a competitive edge by implementing digital solutions that propel their business strategies.

HireVergence

HireVergence

HireVergence is a full service IT staffing and recruiting firm with a focus on cyber and information security.

IT Association of Slovakia (ITAS)

IT Association of Slovakia (ITAS)

ITAS is a professional association of domestic and foreign companies operating in the field of information and communication technologies

Cybonet

Cybonet

Cybonet provides easy to deploy, flexible and scalable security solutions that empower organizations of all sizes to actively safeguard their networks in the face of today’s evolving threats.

ReversingLabs

ReversingLabs

ReversingLabs develops cyber threat detection and mitigation tools that address the the latest directed attacks, advanced persistent threats and polymorphic malware.

Dell Technologies

Dell Technologies

Dell Technologies Consulting Services enables a highly resilient business amidst the proliferation of cloud-based IT services and constant threats to your most critical information.

iProov

iProov

iProov delivers authentication and verification simply and securely, based on a genuine one-time biometric.

Sectra Communications

Sectra Communications

Sectra successfully develops and sells cutting-edge solutions in the expanding niche segments of medical IT and cybersecurity.

Moviri

Moviri

Moviri combines security technology engineering, intelligence expertise and our data science DNA to help companies manage digital risk end-to-end.

Graylog

Graylog

Graylog provides answers to your team’s security, application, and IT infrastructure questions by enabling you to combine, enrich, correlate, query, and visualize all your log data in one place.

ClearHub

ClearHub

The aim of ClearHub is simple: to give businesses like yours access to the best talent, all screened and technically tested by Clearvision’s expert team.

Votiro

Votiro

Votiro is an award-winning cybersecurity company that specializes in file sanitization, ensuring every organization is safe from zero-day and undisclosed attacks.

Cyber Legion

Cyber Legion

Cyber Legion Ltd is a UK-based Cyber Security as a Service (CSaaS) start-up that provides IT security testing services to various organizations around the globe.

Fingerprints

Fingerprints

Fingerprints is the world-leading biometrics company. Our solutions are found in millions of devices providing safe and convenient identification and authentication with a human touch.

Cloudsmith

Cloudsmith

Cloudsmith is the only cloud-native, global, universal artifact management platform for securely developing and distributing software.