Cybercriminals are selling the data of 700 million LinkedIn users on a hacking forum. A very similar selling occurred in April, when the data of around 500 million LinkedIn members was marketed on a hacking platform, according to Threat Post.
Security experts analyzed data extracted from free samples provided by hackers and discovered email addresses, gender, full names, industry information, and even phone numbers. They believe the data was obtained via scraping public LinkedIn profiles since this was the technique employed in the April sale.
The hacker community where the advertisement was posted is called RaidForums, and the cybercriminal who posted it goes by the name of “GOD User TomLiner.” According to experts at Privacy Sharks, the proof is provided by a sample of one million records.
According to Privacy Shark’s blog post, “This time around, we cannot be sure whether or not the records are a cumulation of data from previous breaches and public profiles, or whether the information is from private accounts”.
“We employ a strict policy of not supporting sellers of stolen data and, therefore, have not purchased the leaked list to verify all of the records”.
Cybercriminals may steal the identities of LinkedIn users or spam them
Researchers warned that a skilled hacker may use an email address or a phone number as a starting point for developing sophisticated cyberattacks. By leveraging personal information such as gender or place of work, the cybercriminal may approach social engineering and launch automated targeted attacks.
Even if no credit/debit card information or other sensitive data were scraped, the incident puts impacted LinkedIn members at risk. If hackers buy their personal information such as phone numbers and email addresses, some LinkedIn users’ identities may be stolen, or they may be targeted by spam campaigns.
As Candid Wuest, Acronis’s vice president of cyber-protection research pointed out, making money on the Dark Web, engaging in extortion, and receiving Personalized phishing emails are all often linked with data collections that include this kind of personal information.
The usage of two-factor authentication on LinkedIn, as well as the use of stronger passwords, is highly recommended for all users.