Data from 700 million LinkedIn users has been put up for sale online, making this one of the largest LinkedIn data leaks to date. And after making contact with the seller, we have updated this article with more information, including how the data was obtained and the possible impact on LinkedIn users.
Many people trust LinkedIn with all sorts of private data, hoping and trusting that the information remains in safe hands. But is this trust warranted? So far in 2021, we have already seen two separate incidents where bad actors have exploited the professional networking platform to harvest vast amounts of user data.
The implications of this are far-ranging, from identity theft to phishing attacks, social engineering attacks, and more. Before we dive into the consequences of this leak, let’s first examine what happened.
What happened exactly?
On June 22nd, a user of a popular hacker advertised data from 700 Million LinkedIn users for sale. The user of the forum posted up a sample of the data that includes 1 million LinkedIn users. We examined the sample and found it to contain the following information:
The user claims that the complete database contains the personal information of 700 Million LinkedIn users. Since LinkedIn has 756 million users, according to its website, this would mean that almost 93% of all LinkedIn users can be found through these records.
Below is a small section of the sample we examined to show you how much information one record can contain:
In this sample you can see full names, LinkedIn usernames, Facebook usernames, email accounts, mobile phone numbers, professional data, and more.
Based on our analysis and cross-checking data from the sample with other publicly available information, it appears all data is authentic and tied to real users. Additionally, the data does appear to be up to date, with samples from 2020 to 2021.
While we did not find login credentials or financial data in the samples we examined, there is still a treasure trove of information for bad actors to exploit for financial gain, as we’ll explain more below.
Everything remains up for sale at this time.
We have also reached out to LinkedIn for comment on this latest data leak, but have not yet heard back.
Above all else, this information exposes LinkedIn users to a higher risk of exploitation by bad actors.
And once your private data is leaked, there’s no getting it back.
How much privacy should one really expect on a social networking site?
To minimize this risk, you need to limit the amount of data that is available to others.
This could include getting off of all social networks entirely, or limiting the information you share. Using products and services that don’t harvest your personal information for profit is also crucial. We have reviewed some of the best options with:
Many people trust LinkedIn with all sorts of private data, hoping and trusting that the information remains in safe hands. But is this trust warranted? So far in 2021, we have already seen two separate incidents where bad actors have exploited the professional networking platform to harvest vast amounts of user data.
The implications of this are far-ranging, from identity theft to phishing attacks, social engineering attacks, and more. Before we dive into the consequences of this leak, let’s first examine what happened.
What happened exactly?
On June 22nd, a user of a popular hacker advertised data from 700 Million LinkedIn users for sale. The user of the forum posted up a sample of the data that includes 1 million LinkedIn users. We examined the sample and found it to contain the following information:
- Email Addresses
- Full names
- Phone numbers
- Physical addresses
- Geolocation records
- LinkedIn username and profile URL
- Personal and professional experience/background
- Genders
- Other social media accounts and usernames
The user claims that the complete database contains the personal information of 700 Million LinkedIn users. Since LinkedIn has 756 million users, according to its website, this would mean that almost 93% of all LinkedIn users can be found through these records.
Below is a small section of the sample we examined to show you how much information one record can contain:
In this sample you can see full names, LinkedIn usernames, Facebook usernames, email accounts, mobile phone numbers, professional data, and more.
Based on our analysis and cross-checking data from the sample with other publicly available information, it appears all data is authentic and tied to real users. Additionally, the data does appear to be up to date, with samples from 2020 to 2021.
While we did not find login credentials or financial data in the samples we examined, there is still a treasure trove of information for bad actors to exploit for financial gain, as we’ll explain more below.
How was the data obtained?
We reached out directly to the user who is posting the data up for sale on the hacking forum. He claims the data was obtained by exploiting the LinkedIn API to harvest information that people upload to the site.Everything remains up for sale at this time.
We have also reached out to LinkedIn for comment on this latest data leak, but have not yet heard back.
Possible impact of this latest LinkedIn data leak
While this latest LinkedIn leak did not contain any financial records or login credentials, there are still serious consequences. This is because it puts 700+ million people at risk of:- identity theft
- phishing attempts
- social engineering attacks
- hacked accounts
Above all else, this information exposes LinkedIn users to a higher risk of exploitation by bad actors.
And once your private data is leaked, there’s no getting it back.
Should companies be financially liable when your data is exposed?
This leads us to an interesting question. Should companies be held liable when user data is exploited by bad actors? In this specific case, it does not appear that LinkedIn servers were hacked or there was a full “breach” in the traditional sense of the term. Instead, however, the data was harvested through LinkedIn’s own API (application program interface) by threat actors.How much privacy should one really expect on a social networking site?
When others have your data, it puts you at risk
We’ve said it before and we’ll say it again: any business, individual, or entity that has control over your private data puts you at risk. Whether this risk is minimal or vast depends on the data, who is securing it, and the consequences of it being lost.To minimize this risk, you need to limit the amount of data that is available to others.
This could include getting off of all social networks entirely, or limiting the information you share. Using products and services that don’t harvest your personal information for profit is also crucial. We have reviewed some of the best options with:
- Secure browsers that respect your privacy and don’t collect your data for advertising networks
- Secure and private email services that don’t sell access to your inbox or comb through your emails
- Private search engines