Experts Reaction On Linkedin Breach Reportedly Exposes Data Of 92% Of Users

It’s important to remember that when sensitive information leaks, it doesn’t affect just the website that leaked it. The users can be affected for years to come in completely unexpected ways.

For example, private information can be used to create synthetic identities that are then used to generate fraudulent credit card or loan applications which inevitably affects the original users but also the financial institution. Our recent PerimeterX Automated Fraud Benchmark Report found that ATO and credential stuffing are two of the most damaging types of automated attacks faced by businesses today, which affect the original website whose brand and image will inevitably suffer and whose reporting obligations and liability may be very costly.

Your phone number, e-mail address, social security number, home address are information we are constantly sharing with an increasing number of people, social media networks, and organizations. It’s only a matter of time before this information is exposed to cybercriminals if it isn’t already.

The most basic and imperative action is to know when that happens. Be mindful of your constantly growing (and never shrinking) online dossier/file. Every bit of relevant information about you can, and most likely is, added to a file with your name on it to be later sold to advertisers or used by cybercriminals for identify theft, phishing, malware campaigns, and other illegal activities.

I urge everyone to seek out and understand what the internet ‘knows’ about them to take better control of their online privacy and personal data. 

While social media companies continue to improve at preventing scraping bots and other information-gathering tools, It’s our job as informed consumers to be aware of the information we expose publicly and how it can be used by cybercriminals in a worst-case scenario.

It's concerning to see another huge data dump making Linkedin users' information easily available to hackers - particularly because it sets the stage for further attacks. The data of these 700 million LinkedIn users may be used to create highly convincing spear-phishing attacks which utilise the attackers’ newfound knowledge of the users and their organisations. As phishing is the most common entry point for ransomware, organisations should urge their employees to remain vigilant for follow-up attacks. While many organisations have sophisticated firewalls to protect them, attackers are still able to target their biggest vulnerability – their people.

This case, following a similar one involving Facebook last year, also highlights the importance of caution when it comes to sharing your data publicly on social media – in doing so, you could be arming attackers with useful information that they can use against you in the future.

This breach is an unfortunate reminder of how vulnerable our personal data is online and that consumers must take action over their digital identity by taking extreme caution when dealing with any unsolicited communication that they receive and ensure that they have multi-factor authentication enabled wherever possible. That way, when identity leaks like this inevitably happen, consumers can be certain that they remain safe online. There is a lot of really sensitive information in this breach that fraudsters will look to exploit by targeting individuals with uniquely tailored phishing attacks to gain access to accounts or trick unwitting consumers to transfer money. No trusted organization would ever ask someone to part with money or their sensitive information via email, SMS, or phone.

On the other hand, banks need to have tools in place to prevent fraudsters from committing application fraud using information like this to set up new accounts in the victim's name. By using the latest identity verification technologies such as AI and biometrics in their onboarding processes, financial institutions will be able to quickly and remotely verify whether an applicant is in fact who they say they are or not.

From a user’s perspective, there is no difference between a data breach where company servers were hacked and someone misusing an API to obtain their data. Data loss is data loss, and attackers will find the simplest way to obtain the data they need to fund their operations. As successful attacks on infrastructure become more difficult to execute, attackers will naturally shift their focus to abusing legitimate access methods like APIs provided by businesses to access data. Where legitimate users care about terms of service, criminals won’t. This is an important detail for anyone exposing an API on the internet – it’s only a matter of time before your APIs are discovered and abused. So the key question then becomes – how quickly can you detect abnormal usage and take corrective action? The more powerful your API, the more attractive it will be to criminals.

While LinkedIn may not have been the victim of a data breach, this development proves that motivated attackers are still capable of gleaning and leveraging publicly-available information that can have broad implications on consumers. This is a stark reminder of the amount of information that cybercriminals have at their disposal to carry out dangerous and hard to spot phishing and credential stuffing attacks. It should also serve as a warning to users to remain diligent in their use of passwords, including changing passwords regularly and not reusing them across multiple sites, as well as always using multi-factor authentication whenever possible.

Cybercriminals use tools to scrape open platforms such as social media in order to link it with other compromised data. Although this method is not a typical data breach, the impact can still be the same. This data may have been public but the tools used made it easy for it to be collected in one simple move and collated in one location - and even sold on the dark web.

Malicious actors can do a lot of damage with a large list containing personal information. The big risk is identity theft but follow up phishing emails are also inevitable for those affected.

Together with previous and even recent high profile breaches many people's passwords are also readily available on the dark web so it quickly and simply becomes a series of joining the dots. This risk is then increased due to the fact that many people use the same passwords across multiple accounts.