According to news reports a couple of months ago, LinkedIn suffered a major data breach. In this incident, the data of around 500 million users was leaked. Reportedly, there has now been another massive data breach at LinkedIn. This time around, the data of around 700 million users has been leaked. LinkedIn has approximately 756 million users.
Sources reveal that 92% of LinkedIn users have been affected by this data breach. The latest LinkedIn data leak reportedly includes the inferred salaries of the users as well.
A publication, RestorePrivacy, which covers topics related to privacy and data security, claims that a user on a popular hacking-oriented forum advertised data of 700 million LinkedIn users for sale. The user reportedly also posted a sample of the leaked data, which includes information of 1 million LinkedIn users.
RestorePrivacy examined and cross-checked the data sample and found that the “data is authentic and tied to real users.” The publication also says that that “data does appear to be up to date, with samples from 2020 to 2021.”
RestorePrivacy has also found that the data set has full names, LinkedIn username and profile URL, email addresses, phone numbers, physical addresses, geolocation records, genders, personal and professional experience/backgrounds, inferred salaries, and details regarding other social media account and usernames.
Fortunately, the leaked data does not have login credentials and financial data. However, the publication states that “there is still a treasure trove of information for bad actors to exploit for financial gain.”
RestorePrivacy reached out to the user who posted the leaked data for sale. He claims that the data was obtained by exploiting the “LinkedIn API to harvest information that people upload to the site.” According to the publication, bad actors can use the data for identity theft, phishing attempts, social engineering attacks, and hacked accounts.
RestorePrivacy says “it does not appear that LinkedIn servers were hacked or there was a full “breach” in the traditional sense of the term. Instead, however, the data was harvested through LinkedIn’s own API by threat actors.” LinkedIn is yet to officially confirm the data leak.