Linkedin Data Of 500 Million Users Being Sold Online

By   ISBuzz Team
Writer , Information Security Buzz | Apr 09, 2021 03:31 am PST

It has been reported that data from over 500 million LinkedIn users are being sold online to hackers, marking the second major cybersecurity incident to be revealed in the past week, following news of a similar occurrence involving Facebook. The trove of scraped LinkedIn data includes user IDs, full names, email addresses, phone numbers, professional titles, and other work-related data, according to security news and research group CyberNews. 

CyberNews analysts discovered the scraped data set on an online forum for hackers and were able to verify that the data was associated with LinkedIn user accounts. It’s unclear how old the data is, however, and how the bad actors obtained it. LinkedIn said in a statement that while the scraped data set contains some “publicly viewable member profile data,” it is “actually an aggregation of data from a number of websites and companies,” meaning that bad actors created the data set with information from multiple services.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Niamh Muldoon
Niamh Muldoon , Senior Director of Trust and Security EMEA
April 9, 2021 11:30 am

<p>This is a very interesting technique used by malicious actors and attackers to gain access to valuable data and information, including contact information. One could potentially argue that all of this information is in the public domain, so is it technically an unauthorized disclosure, incident, or breach. However, the consent to use this contact information is clearly where the privacy is breached, as these impacted individuals will not have given permission for their data to be shared and/or used for the various sales or marketing activities, and most concerningly, for dark web activities such as social engineering and phishing.</p> <p> </p> <p>Trust and Security brand leaders will always be fully transparent as to the use of contact information, including consent, and take proactive measures to protect their end-users and customers contact data. It is their responsibility to do so in order to prevent cybersecurity risks such as phishing and/or other social engineering threats.</p>

Last edited 2 years ago by Niamh Muldoon

Recent Posts

Would love your thoughts, please comment.x