Half A Billion LinkedIn Members Found For Sale

Only a few days after discovery of a massive dump of Facebook user datathere has been a second enormous data theft, this time involving LinkedIn. 
 
An archive containing data purportedly scraped from 500 million LinkedIn profiles has been put for sale on a popular hacker forum. IDs, names, email addresses and more personal details are part of the massive database of stolen data, which could be used to launch additional attacks on LinkedIn and its users. 
 
The data leak was posted to a forum popular with hackers by a user asking for a "four-digit $$$$ minimum price" for access to the full database of stolen account information.
 
To prove the legitimacy of the info, the leaker included two million records as a sample that users on the form can view for $2 worth of forum-specific credits. CyberNews researchers were able to confirm that the data contained in the sample was legitimate, but added that, "It's unclear whether the threat actor is selling up-to-date LinkedIn profiles, or if the data has been taken or aggregated from a previous breach suffered by LinkedIn or other companies." Included in the leaked data was "a variety of mostly professional information," including LinkedIn IDs, full names, email addresses, phone numbers, user gender, links to LinkedIn profiles, links to other connected social media profiles, professional titles and other work-related data. 
 
The leaked data doesn't appear to contain any credit card, other financial details or legal documents that could be used for fraud, although the lack of financial or identification documentation doesn't mean the leaked data isn't dangerous as a determined attacker can combine information found in the leaked files with other data breaches in order to create detailed profiles of their potential victims. "With such information in hand, they can stage much more convincing phishing and social engineering attacks or even commit identity theft against the people whose information has been exposed on the hacker forum," CyberNews said. 
 
LinkedIn says it has nearly 740m users worldwide and if the leaker selling this batch of stolen data is telling the truth, then almost anyone with a LinkedIn account could be among the 500 million leaked records. 
 
LinkedIn users should take precautions to protect their accounts and their personal data by:   
 
  • Changing LinkedIn account passwords and email account passwords associated with LinkedIn profiles.
  • Being wary of LinkedIn messages and connection requests from unknown people.
  • Learning to identify phishing emails and text messages.
  • Never opening links to websites from an email, and instead navigating to a site manually and logging in there. 
  • Installing strong anti-phishing and anti-malware software. 
 
In addition to taking proper precautions with your security, it's also a good idea to subscribe to a website like Have I Been Pwned, which will notify you if your email address is found in a data breach that it has scanned and added to its master database of compromised accounts.  If your information appears in a Have I Been Pwned search, it's important to take action immediately using the above security tips.
 
LinkedIn:      Techrepublic:        CyberNews:       HaveIBeenPwnd:      Inspired eLearning:     Image: Unsplash
 
You Might Also Read: 
 
LinkedIn Used As The Vehicle For A Global Scam:
 
« FatFace Pays $2million Ransom To Cyber Criminals
Credentials Phishing Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

RSA Conference

RSA Conference

RSA Conference conducts information security events around the globe that connect you to industry leaders and highly relevant information.

AA Certification (AAC)

AA Certification (AAC)

AAC provide ISO Quality Management System certification services including ISO 27001.

Patchstack

Patchstack

Patchstack (formerly WebARX) is a web application security platform, which allows digital agencies and developers to monitor, protect and maintain their websites.

PrivateCore

PrivateCore

We protect data-in-use from hackers trying to steal data such as encryption keys, certificates, intellectual property.

VMRay

VMRay

VMRay delivers advanced threat analysis and detection that combines a unique agentless hypervisor-based network sandbox with a real-time reputation engine.

Dual Layer IT Solutions

Dual Layer IT Solutions

Dual Layer offer a full range of IT Services and Solutions for businesses from IT infrastructure design to cloud/hosted solutions, cybersecurity, disaster recovery and IT training.

SmartCyber

SmartCyber

SmartCyber is a company specializing in custom IT projects and Cybersecurity.

Specops Software

Specops Software

Specops Software is a leading password management and authentication solution vendor.

Startups.be

Startups.be

Startups.be helps tech entrepreneurs to be successful by providing quality access to service providers, business partners, customers and investors.

Clone Systems

Clone Systems

Clone Systems is an award winning global cloud based managed security as a service provider.

SafeGuard Cyber

SafeGuard Cyber

The SafeGuard Cyber SaaS platform empowers enterprises to adopt the social and digital channels they need to reach customers, while reducing digital risk and staying secure and compliant.

Fasken

Fasken

Fasken is one of the largest business law firms in Canada and a recognized leader in privacy and cybersecurity law.

iON United

iON United

iON United is a full-service IT security solutions provider and one of the most trusted names in cybersecurity in Canada.

LBMC

LBMC

LBMC is a professional services solutions provider in accounting and finance, human resources, technology, risk and information security, and wealth advisory services.

Vala Secure

Vala Secure

Vala Secure is a cybersecurity and compliance consultancy that always stays ahead of regulations, future threats and ever-changing security environments.

Hushmesh

Hushmesh

Hushmesh is a start-up aimed at securing the world’s digital infrastructure by developing develop the Mesh, a global information space with automated security built in.