Half A Billion LinkedIn Members Found For Sale

Only a few days after discovery of a massive dump of Facebook user datathere has been a second enormous data theft, this time involving LinkedIn. 
 
An archive containing data purportedly scraped from 500 million LinkedIn profiles has been put for sale on a popular hacker forum. IDs, names, email addresses and more personal details are part of the massive database of stolen data, which could be used to launch additional attacks on LinkedIn and its users. 
 
The data leak was posted to a forum popular with hackers by a user asking for a "four-digit $$$$ minimum price" for access to the full database of stolen account information.
 
To prove the legitimacy of the info, the leaker included two million records as a sample that users on the form can view for $2 worth of forum-specific credits. CyberNews researchers were able to confirm that the data contained in the sample was legitimate, but added that, "It's unclear whether the threat actor is selling up-to-date LinkedIn profiles, or if the data has been taken or aggregated from a previous breach suffered by LinkedIn or other companies." Included in the leaked data was "a variety of mostly professional information," including LinkedIn IDs, full names, email addresses, phone numbers, user gender, links to LinkedIn profiles, links to other connected social media profiles, professional titles and other work-related data. 
 
The leaked data doesn't appear to contain any credit card, other financial details or legal documents that could be used for fraud, although the lack of financial or identification documentation doesn't mean the leaked data isn't dangerous as a determined attacker can combine information found in the leaked files with other data breaches in order to create detailed profiles of their potential victims. "With such information in hand, they can stage much more convincing phishing and social engineering attacks or even commit identity theft against the people whose information has been exposed on the hacker forum," CyberNews said. 
 
LinkedIn says it has nearly 740m users worldwide and if the leaker selling this batch of stolen data is telling the truth, then almost anyone with a LinkedIn account could be among the 500 million leaked records. 
 
LinkedIn users should take precautions to protect their accounts and their personal data by:   
 
  • Changing LinkedIn account passwords and email account passwords associated with LinkedIn profiles.
  • Being wary of LinkedIn messages and connection requests from unknown people.
  • Learning to identify phishing emails and text messages.
  • Never opening links to websites from an email, and instead navigating to a site manually and logging in there. 
  • Installing strong anti-phishing and anti-malware software. 
 
In addition to taking proper precautions with your security, it's also a good idea to subscribe to a website like Have I Been Pwned, which will notify you if your email address is found in a data breach that it has scanned and added to its master database of compromised accounts.  If your information appears in a Have I Been Pwned search, it's important to take action immediately using the above security tips.
 
LinkedIn:      Techrepublic:        CyberNews:       HaveIBeenPwnd:      Inspired eLearning:     Image: Unsplash
 
You Might Also Read: 
 
LinkedIn Used As The Vehicle For A Global Scam:
 
« FatFace Pays $2million Ransom To Cyber Criminals
Credentials Phishing Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

FIRST Conference

FIRST Conference

Annual conference organised by the Forum of Incident Response and Security Teams (FIRST), a recognized global leader in computer incident response.

ASU Online - Information Technology Program

ASU Online - Information Technology Program

The Information Technology program at ASU Online provides you with the expertise to design, select, implement and administer computer-based information solutions.

Nok Nok Labs

Nok Nok Labs

Nok Nok is a market leader in next generation authentication for cloud, mobile and IoT applications.

Certis

Certis

Certis is a leading advanced integrated security organisation that develops and delivers multi-disciplinary security and integrated services.

Cortado Mobile Solutions

Cortado Mobile Solutions

Cortado Mobile Solutions creates enterprise mobility and file sharing solutions for companies, teams and freelancers.

DeepCyber

DeepCyber

DeepCyber supports its customers, with an “intelligence-driven” approach, to improve their proactive detection and response "capability" of cyber threats.

ReFirm Labs

ReFirm Labs

ReFirm Labs provides the tools you need for firmware security, vetting, analysis and continuous IoT security monitoring.

Touchstone Security

Touchstone Security

Touchstone Security is a company with a passion for technology, a hyper-focus on cybersecurity, and a special affinity for cloud technology.

Cigent Technology

Cigent Technology

Cigent keeps the most valuable asset in your organization safe—your data. Our advanced endpoint and managed network security solutions prevent ransomware and data theft.

NetWitness

NetWitness

NetWitness empowers security teams to rapidly detect today’s targeted and sophisticated attacks with unparalleled visibility.

LogicGate

LogicGate

The LogicGate Risk Cloud™ is an agile GRC cloud solution that combines powerful functionality with intuitive design to enhance enterprise GRC programs.

American Technology Services (ATS)

American Technology Services (ATS)

American Technology Services provides unparalleled services in information technology to support small and mid-sized business. From top-level strategy, to managed services and infrastructure support.

NetScout Systems

NetScout Systems

NetScout assures digital business services against disruptions in availability, performance, and security.

Olympix

Olympix

Dev-first Web3 security that starts at the source. Olympix is a pioneering DevSecOps tool that puts security in the hands of the developer by proactively securing code from day one.

ConvergePoint

ConvergePoint

ConvergePoint is the leading compliance software provider on the Microsoft Office 365 SharePoint platform.

Defence Logic

Defence Logic

Defence Logic is a cyber security company serving clients in many business sectors. Our consultancy services include Penetration Testing, Security Reviews and Monitoring.