Linkedin Data Of 500 Million Users Being Sold Online

It has been reported that data from over 500 million LinkedIn users are being sold online to hackers, marking the second major cybersecurity incident to be revealed in the past week, following news of a similar occurrence involving Facebook. The trove of scraped LinkedIn data includes user IDs, full names, email addresses, phone numbers, professional titles, and other work-related data, according to security news and research group CyberNews. 

CyberNews analysts discovered the scraped data set on an online forum for hackers and were able to verify that the data was associated with LinkedIn user accounts. It’s unclear how old the data is, however, and how the bad actors obtained it. LinkedIn said in a statement that while the scraped data set contains some “publicly viewable member profile data,” it is “actually an aggregation of data from a number of websites and companies,” meaning that bad actors created the data set with information from multiple services.

Experts Comments

April 09, 2021
Niamh Muldoon
Senior Director of Trust and Security EMEA
OneLogin

This is a very interesting technique used by malicious actors and attackers to gain access to valuable data and information, including contact information. One could potentially argue that all of this information is in the public domain, so is it technically an unauthorized disclosure, incident, or breach. However, the consent to use this contact information is clearly where the privacy is breached, as these impacted individuals will not have given permission for their data to be shared and/or

.....Read More

This is a very interesting technique used by malicious actors and attackers to gain access to valuable data and information, including contact information. One could potentially argue that all of this information is in the public domain, so is it technically an unauthorized disclosure, incident, or breach. However, the consent to use this contact information is clearly where the privacy is breached, as these impacted individuals will not have given permission for their data to be shared and/or used for the various sales or marketing activities, and most concerningly, for dark web activities such as social engineering and phishing.

 

Trust and Security brand leaders will always be fully transparent as to the use of contact information, including consent, and take proactive measures to protect their end-users and customers contact data. It is their responsibility to do so in order to prevent cybersecurity risks such as phishing and/or other social engineering threats.

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.