LinkedIn is the latest victim of a massive breach and the data of more than 500 million of its users has been taken from the platform and put up for sale online. The dataset includes sensitive information such as email addresses, phone numbers, workplace information, full names, account IDs, links to their social media accounts, and sex details.
The hacked data was allegedly sold by an unknown user on a hacker forum, who downloaded the data of over two million users as evidence. The hacker is demanding a four-digit amount (in USD) in exchange for the hacked data, potentially in the form of Bitcoin. This comes just days after an equally massive leak of data scraped from over 500 million Facebook users.
LinkedIn has over 740 million users, the company mentions it on its website, which means that the data of more than two-thirds of its subscribers has been compromised and sold online.
The hacker is only selling for a four-figure amount - why so cheap?
“Since the leaked data doesn't contain any payment card details and passwords, they are less valuable and won't sell for much on the dark web anyway. However, they contain valuable personal information (workplace information, emails, links to social accounts), which is why they have not been made public for free, "he comments. Candid Wuest, VP of cyber protection research at Acronis, leader company in Cyber Protection.
“It is not uncommon to see such datasets used to send personalized phishing emails, extort ransoms or earn money on the dark web - especially now that many hackers target LinkedIn job seekers with bogus job postings, infecting with a backdoor Trojan. . For example, such personalized phishing attacks with LinkedIn bait were used by the Golden Chicken group last week, ”continues Wuest.
Is there anything new / surprising about this incident?
“Unfortunately, we have already gotten used to the numerous reports of data breaches and are no longer surprised. There was just a data leak of Facebook's 500 million records earlier this week - with Facebook claiming that this dataset was generated by a bot abusing a vulnerability that was fixed in 2019. It has yet to be confirmed if the data was collected by a new scraping bot, if the hacker abused a vulnerability on the backend or if it contains data from previous LinkedIn breaches. "
What actions should users with leaked personal data take now, as well as being very vigilant and careful?
“There is now a greater risk of phishing on LinkedIn, SMS spam, as well as password reset attacks and attacks against other services that use SMS for MFA are now more likely. Users should therefore be on the lookout for suspicious LinkedIn messages and switch from the SMS-based MFA service, where possible, to critical accounts, ”concludes Candid Wuest.