92% of LinkedIn Users Information Scraped, …
As it turns out, lightning does strike twice in the same place. Early adopters of LinkedIn will remember the 2012 hack that saw 6.5 million usernames and passwords leaked by Russian cybercriminals. And now, roughly 92% of the professional networking site’s user information has been compromised.
That’s 700 million users whose personal information has been scraped and posted for sale on the dark web. That data includes:
- Email Addresses
- Full names
- Phone numbers
- Physical addresses
- Geolocation records
- LinkedIn username and profile URL
- Personal and professional experience/background
- Other social media accounts and usernames
Passwords and personal banking information were spared from this data leak, and, as the MalwareBytes Labs team mentions in their blog post on this topic, it is not a breach, but a result of a scrape, the compromise opens up users to a variety of identity theft scams.
In a statement given to Privacy Shark from Leonna Spilman, who spoke on behalf of LinkedIn, the company claims it’s not exactly a “breach”: “While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.”
MalwareBytes, a Data Connectors Community Partner, offered solid advice on how to handle a breach like this, which really doesn’t offer much personal information.
First, the team suggested auditing and updating your LinkedIn profile, and ensure that its contents are all things you’d want seen publicly. After all, a leak like this will open you up to SMS, email and robocall scams.
Next, like all cybersecurity professionals likely already do – enable two-factor authentication. And get an idea of where your email and phone numbers have already been published on a site like HaveIBeenPwned.com.
Recent news posts
Your Weekly DHS/CISA Threat Assessment (September 14)
Assistant to the Special Agent in Charge at USSS-DHS Leads Keynote Presentation in Philadelphia
CISA Insights: Risk Considerations for Managed Service Provider Customers
Your Weekly DHS/CISA Threat Assessment (September 3)
CISA Alert: Ransomware Awareness for Holidays and Weekends
Attend an Event!
Connect and collaborate with fellow security innovators at our Virtual Cybersecurity Summits.