Just days after a Facebook data leak was revealed, security experts have discovered another one, this time the victim being LinkedIn as a huge pile of data containing the personal information of 500 million LinkedIn users has been found on sale on a popular hacking forum.
To prove the legitimacy of the data leak, the poster has included nearly 2 million records as a sample, which forum members can view for $2 worth of forum credits. The leaked data includes user names, contact numbers, email addresses, links to other social media profiles, and users’ workplace details. While, the data does not contain credit card information, legal documents, or other financial information that could be used for scams.
However, security researchers warned that lack of financial information does not mean that it is not dangerous. Hackers could misuse the data to create detailed profiles of their potential victims and then conduct targeted phishing or social engineering attacks. They could also use the information to spam emails and contact numbers, or brute-force the passwords of LinkedIn profiles and linked email addresses.
The threat actor has demanded a minimum of ‘four-digit sum in turn for access to the entire 500 million-user databases. Cybernews confirmed that the data in the sample was scraped from LinkedIn, although it remains unclear if the leaked files contain the latest information, or if it was taken from the previous data breach.
5 steps to protect your LinkedIn account
Across the globe, there are nearly 740 million user profiles on LinkedIn. If we presume that the hacker is telling the truth, then the data of 500 million users is on the hacking forum. Considering that, LinkedIn users should take all the necessary precautions to protect their accounts by:
• Creating a strong and unique password, and storing it in a password manager.
• Enabling two-factor authentication (2FA) on all your online accounts.
• Downloading strong anti-phishing and anti-malware software.
• Learning to identify phishing emails and text messages.
• Reporting to the cyber police if any problem arises.
This is not the first time that hackers have targeted LinkedIn users. In 2012, hackers were able to steal password hashes of nearly 170 million LinkedIn users. The stolen data was in the private hands for almost 4 years before appearing on the dark web in 2016.