BACKGROUND:
As reported by 9to5mac a second massive Linkedin breach reportedly exposes the data of 700M users, which is more than 92% of the total 756M users.
“The database is for sale on the dark web, with records including phone numbers, physical addresses, geolocation data, and inferred salaries. The hacker who obtained the data has posted a sample of 1M records, and checks confirm that the data is both genuine and up-to-date …
No passwords are included, but as the site notes, this is still valuable data that can be used for identity theft and convincing-looking phishing attempts that can themselves be used to obtain login credentials for LinkedIn and other sites. With the previous breach, LinkedIn did confirm that the 500M records included data obtained from its servers, but claimed that more than one source was used. Hacker appears to have misused the official LinkedIn API to download the data, the same method used in a similar breach back in April”.
<p>It’s important to remember that when sensitive information leaks, it doesn’t affect just the website that leaked it. The users can be affected for years to come in completely unexpected ways.</p>
<p>For example, private information can be used to create synthetic identities that are then used to generate fraudulent credit card or loan applications which inevitably affects the original users but also the financial institution. Our recent <a href=\"https://www.perimeterx.com/resources/blog/2021/introducing-the-perimeterx-automated-fraud-benchmark-report/\" data-wplink-edit=\"true\">PerimeterX Automated Fraud Benchmark Report</a> found that ATO and credential stuffing are two of the most damaging types of automated attacks faced by businesses today, which affect the original website whose brand and image will inevitably suffer and whose reporting obligations and liability may be very costly.</p>
<p>It\’s concerning to see another huge data dump making Linkedin users\’ information easily available to hackers – particularly because it sets the stage for further attacks. The data of these 700 million LinkedIn users may be used to create highly convincing spear-phishing attacks which utilise the attackers’ newfound knowledge of the users and their organisations. As phishing is the most common entry point for ransomware, organisations should urge their employees to remain vigilant for follow-up attacks. While many organisations have sophisticated firewalls to protect them, attackers are still able to target their biggest vulnerability – their people.</p>
<p>This case, following a similar one involving Facebook last year, also highlights the importance of caution when it comes to sharing your data publicly on social media – in doing so, you could be arming attackers with useful information that they can use against you in the future.</p>
<p><span lang=\"EN-US\">Your phone number, e-mail address, social security number, home address are information we are constantly sharing with an increasing number of people, social media networks, and organizations. It’s only a matter of time before this information is exposed to cybercriminals if it isn’t already.</span></p>
<p><u></u><u></u><span lang=\"EN-US\">The most basic and imperative action is to know when that happens. Be mindful of your constantly growing (and never shrinking) online dossier/file. Every bit of relevant information about you can, and most likely is, added to a file with your name on it to be later sold to advertisers or used by cybercriminals for identify theft, phishing, malware campaigns, and other illegal activities.</span></p>
<p><u></u><u></u><span lang=\"EN-US\">I urge everyone to seek out and understand what the internet ‘knows’ about them to take better control of their online privacy and personal data. </span></p>
<p><u></u><u></u><span lang=\"EN-US\">While social media companies continue to improve at preventing scraping bots and other information-gathering tools, It’s our job as informed consumers to be aware of the information we expose publicly and how it can be used by cybercriminals in a worst-case scenario.</span></p>
<p style=\"font-weight: 400;\">This breach is an unfortunate reminder of how vulnerable our personal data is online and that consumers must take action over their digital identity by taking extreme caution when dealing with any unsolicited communication that they receive and ensure that they have multi-factor authentication enabled wherever possible. That way, when identity leaks like this inevitably happen, consumers can be certain that they remain safe online. There is a lot of really sensitive information in this breach that fraudsters will look to exploit by targeting individuals with uniquely tailored phishing attacks to gain access to accounts or trick unwitting consumers to transfer money. No trusted organization would ever ask someone to part with money or their sensitive information via email, SMS, or phone.</p>
<p style=\"font-weight: 400;\">On the other hand, banks need to have tools in place to prevent fraudsters from committing application fraud using information like this to set up new accounts in the victim\’s name. By using the latest identity verification technologies such as AI and biometrics in their onboarding processes, financial institutions will be able to quickly and remotely verify whether an applicant is in fact who they say they are or not.</p>
<p>From a user’s perspective, there is no difference between a data breach where company servers were hacked and someone misusing an API to obtain their data. Data loss is data loss, and attackers will find the simplest way to obtain the data they need to fund their operations. As successful attacks on infrastructure become more difficult to execute, attackers will naturally shift their focus to abusing legitimate access methods like APIs provided by businesses to access data. Where legitimate users care about terms of service, criminals won’t. This is an important detail for anyone exposing an API on the internet – it’s only a matter of time before your APIs are discovered and abused. So the key question then becomes – how quickly can you detect abnormal usage and take corrective action? The more powerful your API, the more attractive it will be to criminals.</p>