LinkedIn data breach: A second colossal attack affected millions of users!

A recent data breach, back in June exposed 700 million users’ profiles causing great concern

The allegations that data for millions of LinkedIn users have been leaked and made available for sale on a popular hacker forum are of great concern. This is the second data breach within a short period, since April 500 million LinkedIn profiles were affected in a data-scraping incident. According to recent allegations, there was a new data breach of 700 million LinkedIn records at the end of June.

A hacker calling himself ‘GOD User TomLiner’ made a post on RaidForums claiming there are in his possession 700 million LinkedIn data, which are for sale. To support his advertisement, the hacker included a sample of 1 million records from the professional networking platform.

The sample includes data such as full names, usernames and profile URL, gender, e-mail addresses, physical addresses, geo-location data, inferred salaries, and phone numbers. However, it seems that data such as passwords, private messages, credit card information, or any other sensitive information, is not included in the leak.

According to RestorePrivacy, the hacker has misused the LinkedIn official application programming interface (API) and downloaded the data, a method which was also applied in the data breach back in April.

If the allegations that this data comes from LinkedIn are verified, then more than 90% of the platform’s users have been affected by the recent data breach. This new leak highlights LiknedIn’s considerable issue with cybersecurity and experts warn of further problems unless immediate, and effective action is taken by the platform.

LinkedIn denies data breach

LinkedIn has denied reports of an alleged data breach, declaring that the accusations are groundless.

“Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach and no private LinkedIn member data was exposed” the company said in a note posted on its website. “Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update”.

In an attempt to enrich its cybersecurity credibility, LinkedIn also stated that “members trust LinkedIn with their data, and any misuse of our members’ data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable”.

In April’s breach, the company confirmed that the 500 million records did include data obtained from LinkedIn servers, but also defended that more than one source was used.

Many cybersecurity experts warn that these data sets are very common to be used for sending personalized phishing e-mails or earning money on the Dark Web. That’s why hackers target job seekers on LinkedIn by presenting fake job offers and infecting them with malware.

Passwords and e-mail addresses combinations are not included in the recent data breach, however, it is suggested LinkedIn users secure their accounts by changing passwords or even update passwords for their other online accounts. Enabling two-factor authentication can also be seen as an effective method of shielding the account, in a potential future hacker attack after the new data leak.

George Mavridis is a freelance journalist and writer based in Greece. His work primarily covers tech, innovation, social media, digital communication, and politics. He graduated from the Aristotle University of Thessaloniki with a BA in Journalism and Mass Communication. Also, he holds an MA in Media and Communication Studies from the Malmö University of Sweden and an MA in Digital Humanities from the Linnaeus University of Sweden.