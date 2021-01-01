from the here-we-go-again dept.
Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground:
After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it’s happened again – with big security ramifications. A new posting with 700 million LinkedIn records has appeared on a popular hacker forum, according to researchers.
Analysts from Privacy Sharks stumbled across the data put up for sale on RaidForums by a hacker calling himself “GOD User TomLiner.” The advertisement, posted June 22, claims that 700 million records are included in the cache, and included a sample of 1 million records as “proof.”
Privacy Sharks examined the free sample and saw that the records include full names, gender, email addresses, phone numbers and industry information. It’s unclear what the origin of the data is – but the scraping of public profiles is a likely source. That was the engine behind the collection of 500 million LinkedIn records that went up for sale in April. It contained an “aggregation of data from a number of websites and companies” as well “publicly viewable member profile data,” LinkedIn said at the time.
According to LinkedIn, no breach of its networks has occurred this time, either:
“While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources,” according to the company’s press statement. “This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.”
“This time around, we cannot be sure whether or not the records are a cumulation of data from previous breaches and public profiles, or whether the information is from private accounts,” according to Privacy Shark’s blog post, published Monday. “We employ a strict policy of not supporting sellers of stolen data and, therefore, have not purchased the leaked list to verify all of the records.”
There are are 200 million more records available in the collection this time around, so it’s probable that new data has been scraped and that it’s more than a rehash of the previous group of records, researchers added.
(Score: 0) by Anonymous Coward on Tuesday June 29, @07:55AM
What is "LinkedIn"? Some Microsoft sorcercy?
(Score: 3, Informative) by MostCynical on Tuesday June 29, @08:17AM (1 child)
Email addresses and phone numbers aren't part of a linkedin public profile, so can't have been scraped..
..so, either this was some data matching across multiple sites, or linkedin is lying and was hacked.
(Score: 2) by Snospar on Tuesday June 29, @08:42AM
They have been hacked before, withheld the fact, lied about the extent of the problem and were eventually found out years after the initial breach.