It seems like no online platform is immune to cyberattacks. Small or big, almost every internet-based enterprise has a data breach history. A few days after Facebook’s massive data breach news, a LinkedIn data exposure is now making headlines.
According to a report, cybersecurity researchers found a massive database belonging to LinkedIn users put up for sale on the dark web. The exposed database contained data scraped from over 500 million LinkedIn profiles, including private information such as full names, employment information, contact details, email addresses, and links to other social media profiles. Threat actors even leaked two million user records as a proof-of-concept.
Data Sold at 4-digit Price
Cybercriminals have allegedly advertised the sale of the database that hosted over 500 million user records at a 4-digit minimum price.
While threat actors claim that the leaked data was scraped from LinkedIn, researchers stated that it’s unclear whether the exposed data is from up-to-date LinkedIn profiles or taken from previous data breaches. “We asked LinkedIn if they could confirm that the leak was genuine and whether they have alerted their users and clients, but we have received no reply from the company at the time of writing this report,” researchers said.
The Data Leak Impact
Cybercriminals could misuse the compromised data against LinkedIn users in several ways, such as launching targeted phishing attacks, spamming the leaked emails and contact numbers, and performing brute-force attacks on LinkedIn profiles with the leaked email addresses. Though the exposed information does not include any sensitive data like credit card details or legal documents, adversaries can cause maximum damage with just email addresses and contact details.
“Particularly determined attackers can combine information found in the leaked files with other data breaches to create detailed profiles of their potential victims. With such information in hand, they can stage much more convincing phishing and social engineering attacks or even commit identity theft against the people whose information has been exposed on the hacker forum,” the researchers added.
Strengthen Your Online Accounts
If you suspect that your LinkedIn profile was compromised in the data leak, follow these measures to boost the security of your online accounts:
- Don’t respond to suspicious LinkedIn messages and connection requests.
- Use a strong password/passphrase that’s hard to crack.
- Change your LinkedIn and email accounts’ passwords regularly.
- Enable two-factor authentication (2FA) on all your online accounts for additional security.
- Never click/open unknown links on websites or in emails from external sources.
- Install anti-phishing and anti-malware software to prevent cyberthreats.
Check If Your Email or Phone Has Been Compromised
The data breach search website Have I Been Pwned?, created by web security consultant Troy Hunt, allows users to check whether their personal information has been compromised in any data breaches. Once they enter the required details, the breach notification service checks the data breaches it has indexed, including the largest and the most recent, to see if the users’ email IDs or phone numbers were exposed. Users can also sign up to be notified if their email address appears in future dumps.