A second massive LinkedIn breach reportedly exposes the info of 700M users, which is quite 92% of the entire 756M users. The database is purchasable on the dark web, with records including phone numbers, physical addresses, geolocation data, and inferred salaries.
The hacker who obtained the info has posted a sample of 1M records, and checks confirm that the info is both genuine and up-to-date …
RestorePrivacy reports that the hacker appears to possess misused the official LinkedIn API to download the info , an equivalent method utilized in an identical breach back in April.
On June 22nd, a user of a well-liked hacker advertised data from 700 Million LinkedIn users purchasable . The user of the forum posted up a sample of the info that has 1 million LinkedIn users. We examined the sample and located it to contain the subsequent information:
LinkedIn username and profile URL
Personal and professional experience/background
Other social media accounts and usernames
Based on our analysis and cross-checking data from the sample with other publicly available information, it appears all data is authentic and tied to real users. Additionally, the info does appear to be up so far , with samples from 2020 to 2021.
We reached out on to the user who is posting the info up purchasable on the hacking forum. He claims the info was obtained by exploiting the LinkedIn API to reap information that folks upload to the location .
No passwords are included, but because the site notes, this is often still valuable data which will be used for fraud and convincing-looking phishing attempts which will themselves be wont to obtain login credentials for LinkedIn and other sites.
With the previous breach, LinkedIn did confirm that the 500M records included data obtained from its servers, but claimed that quite one source was used. PrivacyShark notes that the corporate has issued an identical statement this time:
While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn also as information obtained from other sources. This wasn't a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn may be a violation of our Terms of Service and that we are constantly working to make sure our members’ privacy is protected.
The someone was indeed ready to scrape many records, whether using the API or otherwise, that's definitely a security breach.