The Linkedin Data Breach on approximately 700 million LinkedIn profiles – more than 90% of all LinkedIn core members advertised – are sold in the online cybercrime market.
Data includes full names, email addresses at work, birthdays, work addresses, phone numbers, Facebook and Twitter IDs and links, job title, region and, in some cases, specific GPS links – all what appeared to be public access to LinkedIn profile pages.
- Data leaks are not a ‘violation’ – but they are still pulling on users
- Leading data theft services
- Also: I’ve been using the OnePlus 9 Pro for three months – and I’ve changed my mind
Anyone who has provided all that information on their LinkedIn page is likely to find a lot of spam, fall victim to attempts to steal sensitive information and possibly be at greater risk of identity theft.
Most importantly, most entries contain special GPS links that can pinpoint the location of a LinkedIn user, which can be useful for traffickers and burglars.
The solution, as always, is to give LinkedIn as little information about you as possible, and to prevent the LinkedIn app – any social networking app – from accessing your GPS data on your phone.
What you can do to protect yourself
You can avoid being swept away in the following data scrape by providing only the minimum amount of data needed to maintain a LinkedIn account, or actually any social media account.
Also be sure to check your phone settings and deny social media applications access to your GPS links.
For Android, go to Settings> Apps & notifications> App permissions> Location and decide which apps should always be, should or should not always be able to access your location. On iOS, you can do the same by going to Settings> Privacy> Location Services.
GPS data Leaked
However, a few entries contained specific links to places, certainly many more than gave you email addresses or phone numbers.
Those users may have used the LinkedIn mobile app and were unaware that the app could capture their GPS data at the moment and upload it to LinkedIn servers.
Local links were easy to translate into map locations by copying and pasting links to Google. We found places in New York City and Brazil, along the road in rural France and in various cities in India.
To make matters worse, we received links to addresses in some of Boston’s suburbs and in the town of Wisconsin. Each house was individually selected and displayed in Google Street View and full house addresses are displayed. Names are added to each list.
That’s really bad. It means that you and I could drive to those homes, jump in the doors and ask the residents for names – all because of the publicly available data on LinkedIn.
If anyone whose home address can be accessed with this data and is likely to provide his or her birthday with the required full name, the identity thief may try to use those three pieces of information to fraudulently open accounts on that person’s name.
What we found in the scraped data
Tom’s guide looked at the smallest sample of LinkedIn cut data, which is the only sample size you don’t need to register with an unpopular website.
We found that while all of the 443 entries provided in the sample contained full LinkedIn usernames and LinkedIn IDs, URLs, usernames, most users voluntarily did not provide anything other than their general location, i.e. country, city or state.
It turns out many users know enough to give LinkedIn nothing but the minimal emptyness needed to maintain an account. Only 7.5% of users in the sample of data include a work email address.
Email addresses were not asked. Very few people have provided cell phone numbers, and we could have found only one of the first 100 entries.
Second Time data Breach This Year
The incident took place a few months after a separate incident that sent data collected to 500 million LinkedIn user profiles.
“We cannot be sure whether the records are data collection from previous breaches and public profiles, or whether the data is from private accounts,” said Privacy Shark, a website that analyzed a sample of new data.
“Given that 200 million new records are available, it is possible that new data has been deleted.”
The sales person goes by the name of TomLiner and posted a sales notice on the Raid Forums website, which is open to the public, on June 22. It distributes samples of various sizes, ranging from a million to a few hundred records.
Another sample that analyzed the samples, Restoring Privacy, said TomLiner told them the data had been deleted using the LinkedIn API, or application program interface, a tool that allows your computer to communicate quickly with a website server.
The LinkedIn website claims to have 756 million users. If this stolen data is estimated at 700 million users, that is 92.5% of the total LinkedIn user set. If you have a LinkedIn account, your data may be part of this.
Data breach or not, your details are still disclosed
In other words, this is not a data breach, and no hacking was involved, as was the case with the 500 million LinkedIn profiles recorded a few months ago.
At the moment, LinkedIn has relieved itself of its burden in a statement to Shaka Privacy: “This was not a violation of LinkedIn information and our investigation found that no LinkedIn member information was disclosed.”
And it is not as bad as the 2012 LinkedIn data breach that revealed the secret information of an estimated 117 million LinkedIn users, including their email addresses and passwords. Even Facebook founder Mark Zuckerberg revealed his email address and password to that.
However, that would be a small consolation for people who rely on LinkedIn to monitor their data. As privacy expert Melanie Ensign noted in Tom’s Guide’s recent question, “there is a lot of potential harm to information companies that force users to share public profiles.”
“Whether the data is stolen, leaked, or deleted, the result for consumers is the same,” Ensign continues. “Their privacy was violated by a company they thought they could trust.”
LinkedIn denies data breach
LinkedIn, which is owned by Microsoft, says that the latest report on personal information of about 700 million users sold by its members is due to the refinement of a skilled social networking site, not a new breach of data.
The data leak allegations were made by Restore Privacy founder Sven Taylor, who said the criminal had sent a sample to an anonymous online site with details of the 1 million LinkedIn users.
Taylor said the database of hackers has information on 700 million members of LinkedIn, which is very close to users who have registered on the website.
Price US $ 5000 for a complete database of 700 million records, Taylor said the data appears to be updated with samples from 2020 to 2021.
Taylor contacted the threatening actor on Telegram, and was told that the information was available through the LinkedIn application programming interface.
After investigating the report, LinkedIn said the data did not come from a breach and that no confidential information was disclosed.
“Our initial investigation found that this data was released on LinkedIn and various other websites and included the same information reported earlier this year at our event,” LinkedIn said.
In April this year, LinkedIn claimed to have investigated a set of data suspected of being sold, and decided that its information should be linked to various websites and companies.
Haveibeenpwned data leak lookup lookup and alert operator, Troy Hunt, also believed the information had been released on LinkedIn.
LinkedIn states that any misuse of members’ information such as scratching is against its terms of service and that it will arrest anyone who does so.
In 2012, LinkedIn was hit by 164 million address and password data.
Disclaimer– DigiNews is not responsible for the accuracy of the news provided above.