Categories
Security

New security breach in LinkedIn

A few months ago, a security breach was made public that affected millions of user accounts on LinkedIn. It is now known that the security breach affects 92% of the users of this social network and is more serious than what was reported. If you have an account, you should change your password.

The importance of data

Users should trust LinkedIn but need to take steps to protect that trust. A few months ago LinkedIn investigated data that had been put up for sale and reported that it was a data aggregation from various websites and companies. It included publicly visible member profile data that appears to have been extracted from LinkedIn.

As the company commented this was not a LinkedIn data breach and no data from private LinkedIn member accounts was included in what we were able to review.

Any misuse of member data violates LinkedIn’s terms of service. When someone tries to take member data and use it for purposes that LinkedIn and users using linkedin have not agreed to, we work to stop those responsible.

Data provided from LinkedIn

One seller, TomLiner, stated that he was in possession of the 700 million records on June 22, 2021 and included a sample of 1 million records in RaidForums  to prove his claims. We can confirm that records include information such as full names, gender, email addresses, phone numbers, and other valuable information.

The website https://www.privacysharks.com contacted LinkedIn to verify this information and received this official statement from Leonna Spilman:

While we are still investigating this issue, our initial analysis indicates that the dataset includes information extracted from LinkedIn, as well as information obtained from other sources. This was not a LinkedIn data breach and our investigation has determined that no private data of LinkedIn members was exposed. Data mining from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure that the privacy of our members is  protected.”

What it means for LinkedIn users

This leak poses a threat to all users who have seen their data leaked. The data that has been obtained such as email address and mobile phone number are now available to online shoppers. This can result in your account falling victim to massive spam campaigns.

Although the shared data does not show any personal information such as credit card details or private messages, something we use every day has been shared, email. So we have to pay attention to the messages we receive and never listen if it does not come from someone you know. And if it’s in the spam folder… it’s likely spam.

Brute force attacks that try to break a LinkedIn user’s password if you have a simple password or with proper name or dictionary words. Cyber criminals can test that email they have obtained and test common passwords.

What to do if you are part of the filtration

Even if the password hasn’t been shared, it’s a good idea to change it. It’s always a good idea to change it from time to time. In addition, it turns on the second authentication factor to prevent brute force attacks.

Also remember that you can check if your email and mobile phone has been involved in a data breach by visiting the website Have I Been Pwned.

One reply on “New security breach in LinkedIn”

Leave a Reply