Hackers Leak Scraped LinkedIn Data of 35 Million Users


Threat actors have recently leaked the personal information of over 35 million online users by illicitly accessing a LinkedIn database. The hackers are apparently operating under the name ‘USDoD.’

The database was released on Breach Forums, a popular cybercrime forum.

It is significant to note that USDoD is the same hacker who compromised the FBI's InfraGard security platform last year, revealing 87,000 members' personal information.

In a post on Breach Forums, the hacker confirmed that web scraping was used to obtain the most recent LinkedIn information. Web scraping is a software-driven, automated process that extracts data from websites, usually to collect specific information from web pages.

As revealed by Hackread, the leaked data included publicly available information regarding the victims’ LinkedIn profiles, such as full names and profile bios. While this data also contains millions of email addresses, the hackers could not get hold of the passwords.

Email addresses belonging to senior US government officials and organizations are exposed in the leak. Email addresses belonging to other international government agencies have also been found.

Legitimacy of LinkedIn Data: Is it Authentic?

After analyzing more than 5 million accounts in the database, Troy Hunt of HaveIBeenPwned came to the conclusion that the data was a combination of information from other sources, including fraudulent email addresses and public LinkedIn profiles. Troy notes that the individuals, businesses, domain names, and a large number of email addresses are real, even though some of the information may be anecdotal or largely made up.

"Because the conclusion is that there’s a significant component of legitimate data in this corpus, I’ve loaded it into HIBP[…]But because there are also a significant number of fabricated email addresses in there, I’ve flagged it as a spam list which means the addresses won’t impact the scale of anyone’s paid subscription if they’re monitoring domains," Hunt explained.

This was not, however, the first time LinkedIn information has been leaked online by threat actors. A similar case occurred in April 2021, when two scraped LinkedIn databases went on sale with 500 million and 827 million records. In June 2021, a hacker also sold a LinkedIn database that contained information about around 700 million users.

Data Stolen from 500 Million LinkedIn Users Leaked Online

 

Just days after a Facebook data leak was revealed, security experts have discovered another one, this time affecting LinkedIn: a huge pile of data containing the personal information of 500 million LinkedIn users has been found on sale on a popular hacking forum.

To prove the legitimacy of the data leak, the poster has included nearly 2 million records as a sample, which forum members can view for $2 worth of forum credits. The leaked data includes user names, contact numbers, email addresses, links to other social media profiles, and users’ workplace details. The data does not, however, contain credit card information, legal documents, or other financial information that could be used for scams.

However, security researchers warned that the lack of financial information does not mean that the data is not dangerous. Hackers could misuse the data to create detailed profiles of their potential victims and then conduct targeted phishing or social engineering attacks. They could also use the information to spam emails and contact numbers, or brute-force the passwords of LinkedIn profiles and linked email addresses.

The threat actor has demanded a minimum ‘four-digit sum’ in return for access to the entire 500 million-user database. Cybernews confirmed that the data in the sample was scraped from LinkedIn, although it remains unclear whether the leaked files contain the latest information or were taken from a previous data breach.

5 steps to protect your LinkedIn account

Across the globe, there are nearly 740 million user profiles on LinkedIn. If we presume that the hacker is telling the truth, then the data of 500 million users is on the hacking forum. Considering that, LinkedIn users should take all the necessary precautions to protect their accounts by:

• Creating a strong and unique password, and storing it in a password manager.

• Enabling two-factor authentication (2FA) on all your online accounts.

• Downloading strong anti-phishing and anti-malware software. 

• Learning to identify phishing emails and text messages.

• Reporting to the cyber police if any problem arises. 

This is not the first time that hackers have targeted LinkedIn users. In 2012, hackers were able to steal password hashes of nearly 170 million LinkedIn users. The stolen data was in private hands for almost 4 years before appearing on the dark web in 2016.