SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
LinkedIn data from 700 million users for sale on hacking forum
Thu, 1st Jul 2021
FYI, this story is more than a year old

LinkedIn is facing its second leak in two months, this time with the data of 700 million users posted online.  

The data was put up for sale on the hacking and leak forum RaidForums last week, which was seen by a privacy-focused news site and reported to LinkedIn. The verified records contain usernames, job titles, emails, birthdays, salary, location, and other details. The seller included a sample set of 1 million records.

In a statement, LinkedIn says their investigation team found the leaked data to be scraped and not the result of a breach.

“Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach, and no private LinkedIn member data was exposed,” the statement read.

“Our initial investigation has found that this data was scraped from LinkedIn and other various websites.”

This is familiar territory for LinkedIn, who only two months ago faced a similar leaked data problem with 500 million scraped user's records put up for sale. In a statement last April, LinkedIn confirmed the data leak was not a security breach. 

In the April 2021 statement, LinkedIn said it had investigated a set of the records posted for sale and had determined it was an aggregation of data from a number of websites and companies. In the statement, LinkedIn said, “[The data] does include publicly viewable member profile data that appears to have been scraped from LinkedIn.” 

The leaked information still poses a threat to affected LinkedIn users. With details such as email addresses and phone numbers made available to buyers online, individuals could become the target of spam campaigns, or worse still, victims of identity theft.

Although the records do not seem to hold any private information, LinkedIn users should be aware they may find themselves on the receiving end of email and phone scams and potential brute force attacks on emails.

There is also the possibility of targeted advertising with information such as a users' company, position, gender, and location readily available in the records.  

It's a good idea to secure your LinkedIn account with a new password and also enable two-factor authentication to help protect against brute force attacks.