After Facebook – 500 million LinkedIn users’ data found for sale

The professional networking site has been a part of a massive data breach that has exposed crucial data of 500 million users on the dark web
9 April 2021

LinkedIn remains the most impersonated brand in phishing scams, followed by Microsoft and DHL. (Photo by JUSTIN SULLIVAN / GETTY IMAGES NORTH AMERICA / Getty Images via AFP)

  • Information that has been leaked includes the LinkedIn ID, full names, e-mail addresses, phone numbers, and more
  • LinkedIn says that scraped data in the collection was public information with no private member account data included
  • Italy’s privacy watchdog has started an investigation into LinkedIn as Ireland’s privacy authority investigates Facebook’s data breach

Just a few days ago, data of over 530 million Facebook Inc users – including phone numbers – were leaked and found on websites. The database appears to be the same set of Facebook-linked telephone numbers that have been circulating in hacker circles since January. Four days later, it appears that information of over 500 million LinkedIn user profiles was found, as part of a database that was posted for sale on a website popular with hackers.

The potential scope of the leak is huge as apparently an individual selling the data on a hacker forum claims it was scraped from 500 million LinkedIn profiles, according to CyberNews. In a purported sample of two million of the profiles for sale, LinkedIn members’ full names, email addresses, phone numbers, genders, and more were visible, CyberNews found.

The Microsoft-owned professional social network, however, says the data includes information from many places and wasn’t all scraped from the professional-focused social network. According to LinkedIn’s statement, “We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies.”

The company also contends that “no private member account data from LinkedIn was included” — which perhaps means the scraped data only includes public information that can be seen on someone’s public page. LinkedIn insists that it was “not a LinkedIn data breach,” since the data was scraped rather than collected by a hacker penetrating LinkedIn’s systems.

Nevertheless, LinkedIn has yet to tell us if it will notify users whose data was in the dataset. Facebook, on the other hand, doesn’t plan to inform users if they are one of the people whose data leaked but if you intend to check whether your email or phone number was part of the Facebook data leak, there are instructions here.

Italy’s privacy watchdog has started an investigation into LinkedIn, it confirmed to Bloomberg. The authority said in a statement late on Thursday that it started an investigation following “the dissemination of user data, including IDs, full names, email addresses, telephone numbers.” 

The regulator warned that anyone getting hold of such data and using it could face sanctions. According to Bloomberg, Italy has one of the highest numbers of subscribers to LinkedIn in Europe and called on affected users to “pay particular attention to any anomalies” related to their phone number and their account. The move by the Italian authority comes after Ireland’s privacy authority said it was looking into a leak of Facebook users’ data.

Impact on organizations

Inevitably, both customers and employees are now vulnerable vectors that hackers can exploit using the information from the LinkedIn data breach. Vigilance is absolutely necessary when it comes to data breaches, as hashes will be cracked faster than ever. As soon as a leak or breach is announced, organizations and their employees should take action immediately in order to mitigate any potential risk. Engage in employee awareness warning against the use of corporate emails, simple passwords, and reusing passwords across different platforms and accounts. Of course, If it’s not already in place, require two-factor authentication for all employee account.