While the security offered by social networking sites has always been questionable, it seems past few years have brazenly put forth lapses on these sites. While Facebook’s infamous 590Mn users’ data leak recently surfaced again on the web, this time it is LinkedIn which is in crosshairs. This fresh data leak involved scrapping of over 500 millions accounts — over 2/3rd of LinkedIn’s base — data for whom was recently scrapped, and has since been made available for sale online on hacker communities. News came in via CyberNews.
In a statement issued post the news, LinkedIn said, “It does include publicly viewable member profile data that appears to have been scraped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.”
It may be worth taking note that the current strength of LinkedIn users stands at around 740 million, which, though significantly less as compared to more popular sites like Facebook and Twitter, is still very impressive. However, this also means that the recent security breach on the data from 500 million users has the potential of affecting over two thirds of the entire population on the platform.
The leaked information includes personal details like IDs, names, email addresses, workplace details, phone numbers, gender identities, and even links to other social media handles. The company has so far claimed that the data was not, in fact, leaked due to a breach on the LinkedIn dataset, and instead, has been aggregated from a number of websites and other platforms. “When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable”, it said in a statement. Nevertheless, hackers hold that the leak was from the the LinkedIn database itself.
The hacker who is in possession of the data has released it for sale online on a hacker forum, and is expecting to receive a four digit sum in return, and that too, preferably as Bitcoin, for it. A sample copy of information from 2 million of the hacked records, in the form of four separate files, has also been posted as a “Proof-of-Concept”. Users on the forum have the option of viewing the leaked samples for 2 USD worth of forum credits.
However, experts are sceptical of the fact that the data was stolen recently, and instead assert that it may, in fact, have been stolen at an earlier date. Nevertheless, they deem this leak harmful, since hackers and imposters may use the data to attack companies by making use of employee information. They fear that this may become especially true owing to the work-from-home scenario and increased use of personal devices to work.
Now it remains to be seen what LinkedIn will do to overcome this leak and prevent future hacks of such massive levels. This breach comes at a time when a vicious cycle can be seen to be setting up, as online platforms continue to be hacked, and in desperation, pay large sums to ransomware groups as a means to ward them off. However, the thugs end up using this money to make plans of executing bigger hacks on some other company.