Half A Billion LinkedIn Members Found For Sale

Only a few days after discovery of a massive dump of Facebook user datathere has been a second enormous data theft, this time involving LinkedIn. 
 
An archive containing data purportedly scraped from 500 million LinkedIn profiles has been put for sale on a popular hacker forum. IDs, names, email addresses and more personal details are part of the massive database of stolen data, which could be used to launch additional attacks on LinkedIn and its users. 
 
The data leak was posted to a forum popular with hackers by a user asking for a "four-digit $$$$ minimum price" for access to the full database of stolen account information.
 
To prove the legitimacy of the info, the leaker included two million records as a sample that users on the form can view for $2 worth of forum-specific credits. CyberNews researchers were able to confirm that the data contained in the sample was legitimate, but added that, "It's unclear whether the threat actor is selling up-to-date LinkedIn profiles, or if the data has been taken or aggregated from a previous breach suffered by LinkedIn or other companies." Included in the leaked data was "a variety of mostly professional information," including LinkedIn IDs, full names, email addresses, phone numbers, user gender, links to LinkedIn profiles, links to other connected social media profiles, professional titles and other work-related data. 
 
The leaked data doesn't appear to contain any credit card, other financial details or legal documents that could be used for fraud, although the lack of financial or identification documentation doesn't mean the leaked data isn't dangerous as a determined attacker can combine information found in the leaked files with other data breaches in order to create detailed profiles of their potential victims. "With such information in hand, they can stage much more convincing phishing and social engineering attacks or even commit identity theft against the people whose information has been exposed on the hacker forum," CyberNews said. 
 
LinkedIn says it has nearly 740m users worldwide and if the leaker selling this batch of stolen data is telling the truth, then almost anyone with a LinkedIn account could be among the 500 million leaked records. 
 
LinkedIn users should take precautions to protect their accounts and their personal data by:   
 
  • Changing LinkedIn account passwords and email account passwords associated with LinkedIn profiles.
  • Being wary of LinkedIn messages and connection requests from unknown people.
  • Learning to identify phishing emails and text messages.
  • Never opening links to websites from an email, and instead navigating to a site manually and logging in there. 
  • Installing strong anti-phishing and anti-malware software. 
 
In addition to taking proper precautions with your security, it's also a good idea to subscribe to a website like Have I Been Pwned, which will notify you if your email address is found in a data breach that it has scanned and added to its master database of compromised accounts.  If your information appears in a Have I Been Pwned search, it's important to take action immediately using the above security tips.
 
LinkedIn:      Techrepublic:        CyberNews:       HaveIBeenPwnd:      Inspired eLearning:     Image: Unsplash
 
You Might Also Read: 
 
LinkedIn Used As The Vehicle For A Global Scam:
 
« FatFace Pays $2million Ransom To Cyber Criminals
Credentials Phishing Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

April 4, 2024 | 11:00 AM PT: Join this webinar to find out about six emerging trends dominating the cloud cybersecurity landscape.

4Secure

4Secure

4Secure is a cyber security company providing services and solutions to counter and respond to the most sophisticated and targeted cyber threats.

Frazer-Nash Consultancy

Frazer-Nash Consultancy

Frazer-Nash is a leading engineering, systems and technology company. Areas of expertise include information security and cyber security.

National Institute of Information and Communications Technology (NICT)

National Institute of Information and Communications Technology (NICT)

NICT is Japan’s sole National Research and Development Agency specializing in the field of information and communications technology.

Future of Cyber Security Europe

Future of Cyber Security Europe

Future of Cyber Security Europe is a European wide event examining the latest cyber security strategies and technologies.

Inseego

Inseego

Inseego provides Enterprise SaaS solutions and IoT & Mobile solutions, which together form the backbone of intelligent, reliable and secure IoT services with deep business intelligence.

Cysiv

Cysiv

Cysiv SOC-as-a-Service combines all the elements of an advanced, proactive, threat hunting SOC, with a managed security stack for hybrid cloud, network, and endpoint security.

Nucleus Security

Nucleus Security

Nucleus is a leading Vulnerability Management platform for Large Enterprises, MSPs/MSSPs, and Application Security Teams that want more from their vulnerability management tools.

Virtue Security

Virtue Security

Virtue Security are specialists in web application penetration testing.

ClearHub

ClearHub

The aim of ClearHub is simple: to give businesses like yours access to the best talent, all screened and technically tested by Clearvision’s expert team.

Open Quantum Safe (OQS)

Open Quantum Safe (OQS)

The Open Quantum Safe (OQS) project is an open-source project that aims to support the development and prototyping of quantum-resistant cryptography.

Strike Security

Strike Security

Strike Security offers a continuous penetration testing platform that combines automation with ethical hackers.

DH2i Company

DH2i Company

DH2i is a leading provider of multi-platform Software Defined Perimeter and Smart Availability software enabling customers to create an entire IT infrastructure that is always-secure and always-on.

ExtraHop

ExtraHop

ExtraHop's dynamic cyber defense platform uses cloud-scale AI to help enterprises detect and respond to advanced threats - before they compromise your business.

Telindus

Telindus

Telindus is the strategic IT partner for the flexible organization of the future. We build optimal IT infrastructure with four components: networking, cloud, cybersecurity and data & AI.

Ceeyu

Ceeyu

Ceeyu is an all-in-one cybersecurity ratings and third party risk management platform.

Ionize

Ionize

Ionize offers solutions to help you uplift your capability across the full-spectrum of cyber security - assessment, remediation, monitoring, governance and ongoing education.