On a popular hacker forum, data scraped from over 500 million LinkedIn accounts has been found for sale. 2 million of these records were reportedly leaked to prove their legitimacy which a user could then view for $2 worth of the forum’s credits. The leaked data includes LinkedIn IDs, names, user genders, email addresses, phone numbers and work titles/workplace information. The leaked data from LinkedIn was mostly professional information and not personal, based on the leaked samples CyberNews posted and reviewed.
The author of the post on the hacker forum alleges the data they have for sale was data scraped from LinkedIn. The team at CyberNews was able to confirm this by looking at the samples the author posted. (See Figure 1 below from CyberNews)
It is unclear at this time if the leaked data is current or if the data had been stolen from a previously reported data breach by LinkedIn in May of 2016. The author of the post is offering to sell all 500 million LinkedIn profile information for a four-digit price.
While most of the leaked data from LinkedIn profiles was professional and not personal, this does not mean the information cannot be used against the compromised victims. Cybercriminals can cause damage with an email address alone, or, if highly motivated, a cybercriminal can use the leaked data from LinkedIn combined with other data breaches to build a damaging profile on an individual. Be on alert for any suspicious emails.
Assuming the user on the hacker forum is being candid about the 500 million leaked LinkedIn account data, all users should take these preventative measures with their accounts:
- Monitoring LinkedIn inboxes for unknown users/messaging requests,
- Monitoring connection requests,
- Changing your LinkedIn password and,
- Changing your email associated account’s password – using strong passwords,
In addition to these preventative measures, you should also check to see if your credentials have been compromised. There are free sites you can use for this, haveibeenpwned.com is a reputable site and if your information is on there you should take the above actions immediately.