BACKGROUND:
As reported by 9to5Mac, a second massive LinkedIn breach reportedly exposes the data of 700M users, which is more than 92% of the total 756M users.
“The database is for sale on the dark web, with records including phone numbers, physical addresses, geolocation data, and inferred salaries. The hacker who obtained the data has posted a sample of 1M records, and checks confirm that the data is both genuine and up-to-date …
No passwords are included, but as the site notes, this is still valuable data that can be used for identity theft and convincing-looking phishing attempts that can themselves be used to obtain login credentials for LinkedIn and other sites. With the previous breach, LinkedIn did confirm that the 500M records included data obtained from its servers, but claimed that more than one source was used. Hacker appears to have misused the official LinkedIn API to download the data, the same method used in a similar breach back in April”.
Experts Comments
Your phone number, e-mail address, social security number, home address are information we are constantly sharing with an increasing number of people, social media networks, and organizations. It’s only a matter of time before this information is exposed to cybercriminals if it isn’t already.
The most basic and imperative action is to know when that happens. Be mindful of your constantly growing (and never shrinking) online dossier/file. Every bit of relevant information about you can, and most likely is, added to a file with your name on it to be later sold to advertisers or used by cybercriminals for identity theft, phishing, malware campaigns, and other illegal activities.
I urge everyone to seek out and understand what the internet ‘knows’ about them to take better control of their online privacy and personal data.
While social media companies continue to improve at preventing scraping bots and other information-gathering tools, it’s our job as informed consumers to be aware of the information we expose publicly and how it can be used by cybercriminals in a worst-case scenario.
@Alex Balan, Director, Security Research, provides expert commentary at @Information Security Buzz.
It's concerning to see another huge data dump making LinkedIn users' information easily available to hackers - particularly because it sets the stage for further attacks. The data of these 700 million LinkedIn users may be used to create highly convincing spear-phishing attacks which utilise the attackers’ newfound knowledge of the users and their organisations. As phishing is the most common entry point for ransomware, organisations should urge their employees to remain vigilant for follow-up attacks. While many organisations have sophisticated firewalls to protect them, attackers are still able to target their biggest vulnerability – their people.
This case, following a similar one involving Facebook last year, also highlights the importance of caution when it comes to sharing your data publicly on social media – in doing so, you could be arming attackers with useful information that they can use against you in the future.
@Jack Chapman, VP of Threat Intelligence, provides expert commentary at @Information Security Buzz.
This breach is an unfortunate reminder of how vulnerable our personal data is online and that consumers must take action over their digital identity by taking extreme caution when dealing with any unsolicited communication that they receive and ensure that they have multi-factor authentication enabled wherever possible. That way, when identity leaks like this inevitably happen, consumers can be certain that they remain safe online. There is a lot of really sensitive information in this breach that fraudsters will look to exploit by targeting individuals with uniquely tailored phishing attacks to gain access to accounts or trick unwitting consumers to transfer money. No trusted organization would ever ask someone to part with money or their sensitive information via email, SMS, or phone.
On the other hand, banks need to have tools in place to prevent fraudsters from committing application fraud using information like this to set up new accounts in the victim's name. By using the latest identity verification technologies such as AI and biometrics in their onboarding processes, financial institutions will be able to quickly and remotely verify whether an applicant is in fact who they say they are or not.
@Benoit Grangé, Chief Technology Evangelist, provides expert commentary at @Information Security Buzz.
From a user’s perspective, there is no difference between a data breach where company servers were hacked and someone misusing an API to obtain their data. Data loss is data loss, and attackers will find the simplest way to obtain the data they need to fund their operations. As successful attacks on infrastructure become more difficult to execute, attackers will naturally shift their focus to abusing legitimate access methods like APIs provided by businesses to access data. Where legitimate users care about terms of service, criminals won’t. This is an important detail for anyone exposing an API on the internet – it’s only a matter of time before your APIs are discovered and abused. So the key question then becomes – how quickly can you detect abnormal usage and take corrective action? The more powerful your API, the more attractive it will be to criminals.
@Tim Mackey, Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Center), provides expert commentary at @Information Security Buzz.
LinkedIn urgently need to look at how their APIs are used. A function designed to retrieve information about one person can have a negative impact when used to fetch a million records. Modern analytics and big data have changed the way we view information; in the old days I was happy for my phone number and address to be in a telephone directory when it was a paper book and hard to get at, but now everything is instantly available across the globe I’m much less happy.
@Mark Rodbert, Founder and CEO, provides expert commentary at @Information Security Buzz.
While LinkedIn may not have been the victim of a data breach, this development proves that motivated attackers are still capable of gleaning and leveraging publicly-available information that can have broad implications on consumers. This is a stark reminder of the amount of information that cybercriminals have at their disposal to carry out dangerous and hard to spot phishing and credential stuffing attacks. It should also serve as a warning to users to remain diligent in their use of passwords, including changing passwords regularly and not reusing them across multiple sites, as well as always using multi-factor authentication whenever possible.
@Jim Gogolinski, Vice President of Threat Intel and Research, provides expert commentary at @Information Security Buzz.
Cybercriminals use tools to scrape open platforms such as social media in order to link it with other compromised data. Although this method is not a typical data breach, the impact can still be the same. This data may have been public but the tools used made it easy for it to be collected in one simple move and collated in one location - and even sold on the dark web.
Malicious actors can do a lot of damage with a large list containing personal information. The big risk is identity theft but follow up phishing emails are also inevitable for those affected.
Together with previous and even recent high profile breaches many people's passwords are also readily available on the dark web so it quickly and simply becomes a series of joining the dots. This risk is then increased due to the fact that many people use the same passwords across multiple accounts.
@Jake Moore, Cybersecurity Specialist, provides expert commentary at @Information Security Buzz.
It’s important to remember that when sensitive information leaks, it doesn’t affect just the website that leaked it. The users can be affected for years to come in completely unexpected ways.
For example, private information can be used to create synthetic identities that are then used to generate fraudulent credit card or loan applications which inevitably affects the original users but also the financial institution. Our recent PerimeterX Automated Fraud Benchmark Report found that ATO and credential stuffing are two of the most damaging types of automated attacks faced by businesses today, which affect the original website whose brand and image will inevitably suffer and whose reporting obligations and liability may be very costly.
@Uriel Maimon, Senior Director of Emerging Technologies, provides expert commentary at @Information Security Buzz.
"Web app security is everyone’s problem, and we must all work together to make the web a safer place...."