LinkedIn data of over 700 million users has reportedly been exposed in a new breach. LinkedIn has a total of 756 million users, which means that the data of more than 92 percent of its users has been compromised in this new breach. The new dataset obtained by an unknown hacker is said to consist of personal details of LinkedIn users, including phone numbers, physical addresses, geolocation data, and inferred salaries. In April, LinkedIn confirmed a data breach affecting 500 million subscribers wherein personal details like email address, phone number, workplace information, full name, account IDs, links to their social media accounts, and gender details were listed online.
According to LinkedIn, it did not face a data breach, but rather the information was gained from scraping the network. In an emailed statement, LinkedIn told Gadgets 360: "While we're still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members' privacy is protected."
The new dataset of 700 million users is also on sale on the Dark Web, wherein the hacker has posted a sample set of 1 million users for buyers. RestorePrivacy was the first to spot this listing on the Dark Web and the sample data was cross-verified by 9to5Google. The sample dataset that has been published on the Dark Web includes user information like email addresses, full names, phone numbers, physical addresses, geolocation records, LinkedIn username and profile URL, inferred salaries, personal and professional experience/ background, gender, and social media accounts and usernames.
9to5Google reached out directly to the hacker who says that the data was obtained by exploiting the LinkedIn API to harvest information that people upload to the site. The dataset does not include passwords, but the information is still very valuable and could amount to identity theft or phishing attempts.
To protect your data, it is important to look at the safety, security, and privacy settings of the apps you use and make sure that these are set up properly. Ensure that you have set up a strong password and indulge in the habit of changing them frequently. Also, enable two-factor authentication (2FA) wherever available, and do not accept connections, especially on LinkedIn and Facebook, from unknown people. Subscribe to sites like Have I Been Pwned for notifications if your email address is part of a data breach.