92% of LinkedIn users’ data found on hackers site for sale
#1
Not long after we learned that more than 500 million LinkedIn accounts were scraped, a report yesterday revealed a second round of data exposure, that saw almost 92% of the professional networking platform’s users’ data being exposed and sold on the dark web, with records including phone numbers, physical addresses, geolocation data, and inferred salaries.

Reports indicated that the hacker who obtained the data has posted a sample of one million records, and checks confirm that the data is both genuine and up-to-date. According to reports by RestorePrivacy, the hacker appears to have misused the official LinkedIn API to download the data, the same method used in a similar breach back in April.

Quote:“On June 22, a user of a popular hacker advertised data from 700 million LinkedIn users for sale. The user of the forum posted up a sample of the data that includes one million LinkedIn users. We examined the sample and found it to contain the following information: e-mail addresses, full names, phone numbers, physical addresses, geolocation records, LinkedIn username and profile URL, personal and professional experience/background, genders, other social media accounts, and usernames."

“Based on our analysis and cross-checking data from the sample with other publicly available information, it appears all data is authentic and tied to real users. Additionally, the data does appear to be up to date, with samples from 2020 to 2021. We reached out directly to the user who is posting the data up for sale on the hacking forum. He claims the data was obtained by exploiting the LinkedIn API to harvest information that people upload to the site,” the report stated.

Although no passwords are included, as the site notes, it is still valuable data that can be used for identity theft and convincing-looking phishing attempts that can themselves be used to obtain login credentials for LinkedIn and other sites.



LinkedIn denies, again


For the previous breach, LinkedIn did confirm that the 500 million records included data obtained from its servers, but claimed that more than one source was used. This time around, the company has issued a similar statement. 

Quote:“Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach and no private LinkedIn member data was exposed,” the company said in a note posted on its website. 

“Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update.”


Regardless of how the data ended up in the hands of a seller on one of the most notorious data marketplaces around, it’s still a potentially huge problem for the 700 million people whose details are included. Frankly, when a user publishes information about themselves online, the reality is that it’s out there for anyone who happens upon it to read, download, store and analyze. The only thing standing in the way is a site’s terms of service (ToS).

LinkedIn notes that its ToS does expressly prohibit data scraping and the company has shown a willingness to litigate — most notably against the “data analytics” startup hiQ. The 9th US Circuit Court of Appeals ruled data scraping was legal in 2019. LinkedIn pushed the case all the way to the US Supreme Court, which earlier this month threw out the lower court’s original ruling. LinkedIn will now have another chance to plead its case in the 9th Circuit.



https://techhq.com/2021/07/92-of-linkedi...-for-sale/
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  BitTorrent Blocklists Are Even Less Effective Than Pirate Site Blocking Ernesto 9 47,088 Jun 09, 2024, 12:18 pm
Last Post: reeboker
  Italian data protection authority strikes another major blow to Google Analytics Resurgence 0 11,306 Jun 24, 2022, 00:29 am
Last Post: Resurgence
  Mullvad VPN server audit found no information leakage or logging of customer data Resurgence 0 10,762 Jun 23, 2022, 00:52 am
Last Post: Resurgence
  Mongolians to be alerted when their personal data is used Resurgence 0 9,748 Jun 22, 2022, 00:49 am
Last Post: Resurgence
  US: Twitter to pay $150m fine to resolve data privacy violations Resurgence 0 11,389 May 29, 2022, 00:52 am
Last Post: Resurgence



Users browsing this thread: 1 Guest(s)