It has been reported that data from over 500 million LinkedIn users are being sold online to hackers, marking the second major cybersecurity incident to be revealed in the past week, following news of a similar occurrence involving Facebook. The trove of scraped LinkedIn data includes user IDs, full names, email addresses, phone numbers, professional titles, and other work-related data, according to security news and research group CyberNews.
CyberNews analysts discovered the scraped data set on an online forum for hackers and were able to verify that the data was associated with LinkedIn user accounts. It’s unclear how old the data is, however, and how the bad actors obtained it. LinkedIn said in a statement that while the scraped data set contains some “publicly viewable member profile data,” it is “actually an aggregation of data from a number of websites and companies,” meaning that bad actors created the data set with information from multiple services.
This is a very interesting technique used by malicious actors and attackers to gain access to valuable data and information, including contact information. One could potentially argue that all of this information is in the public domain, so is it technically an unauthorized disclosure, incident, or breach? However, the consent to use this contact information is clearly where the privacy is breached, as these impacted individuals will not have given permission for their data to be shared and/or used for the various sales or marketing activities, and most concerningly, for dark web activities such as social engineering and phishing.
Trust and Security brand leaders will always be fully transparent as to the use of contact information, including consent, and take proactive measures to protect their end-users' and customers' contact data. It is their responsibility to do so in order to prevent cybersecurity risks such as phishing and/or other social engineering threats.