Massive new LinkedIn data breach hits 92 percent of users; how hacker did it and yes, you should worry
In what will horrify users, a massive LinkedIn data breach has been reported, and almost everybody on the platform has been impacted. A new report suggests that the networking site for professionals has been hit by another breach. This time, over 700 million users appear to have been affected, accounting for over 92 percent of users on the platform. Amazingly, the first anyone heard about this LinkedIn data breach was when the hacker himself announced it! LinkedIn users need to be very worried indeed, as email addresses, full names, phone numbers and physical addresses are being offered for sale, and perhaps passwords too.
LinkedIn data breach: How hacker did it
According to reports by RestorePrivacy and PrivacyShark, the hacker behind the data leak appears to have accessed the data from the website using the company's API, or Application Programming Interface, a software intermediary that allows two services to communicate with each other. Malicious actors misuse APIs to perform ‘data scraping’, collecting publicly available information from websites.
LinkedIn data: Hacker announces sale
On June 22, the breach was announced on a forum by the alleged hacker, who offered the data of 700 million users for sale, according to the report. RestorePrivacy was also able to verify a sample of the data containing the information of one million LinkedIn users that was put out by the hacker. It reportedly contains email addresses, full names, phone numbers, physical addresses, geolocation records, LinkedIn username and profile URL, personal and professional experience or background, genders, and other social media accounts and usernames.
LinkedIn account passwords: On sale too?
While the leaked data reportedly does not contain any passwords, the fact that all of this publicly available information was ready to be scraped off the web is not a good sign at all for worried LinkedIn account holders. The data could also be misused by nefarious individuals or groups to gain access to people's accounts by impersonating them. It could also be used for identity theft, as such a large amount of data reveals a lot about individual users.
LinkedIn data breach: Can you verify your account's safety?
There is no way for individual users to verify if they have been affected by the LinkedIn data breach at the time of publishing this article. However, they can visit security researcher Troy Hunt's website Have I Been Pwned or Firefox Monitor and enter the email address they registered with LinkedIn to be alerted once the data from the breach becomes available to search on these services.
How LinkedIn Reacted
LinkedIn issued a statement on the issue, claiming that this was not a data breach and that no private LinkedIn member data was exposed. “Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update,” the statement said.
LinkedIn threatens action
The Microsoft-owned company also appears prepared to take action against the individual for leaking the data. “Members trust LinkedIn with their data, and any misuse of our members' data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven't agreed to, we work to stop them and hold them accountable,” the company said in the statement.
Shockingly, in recent months, many large internet firms have suffered from data breaches, and Microsoft-owned LinkedIn is no exception. Earlier this year, news surfaced that scraped data of 500 million LinkedIn users was up for sale online.