Just two months after the leak of data belonging to 500 million LinkedIn users, a new security incident is coming to affect the members of the platform, this time bringing greater security implications. According to researchers, a new post containing 700 million files with data of LinkedIn users, was posted on a popular hacking forum.
Analysts from Privacy Sharks have discovered the data put up for sale on RaidForums by a hacker who calls himself “GOD User TomLiner”. The ad, released June 22, claims that 700 million data files are cached and displays a sample of 1 million files as “proof” of the claims.
Proper research on Privacy Sharks
Privacy Sharks reviewed the sample for free and found that the files on display included full names, gender, email addresses, telephone numbers, and company information. It is not clear where the data comes from, however scraping public profiles is a possible source. This is exactly what happened in the corresponding incident in April. It included a “collection of data from a number of websites and companies” as well as “member profile data that can be viewed by the public,” LinkedIn said at the time.
According to LinkedIn, this time his networks were not violated. In addition, the company stated the following: “While we are still investigating this issue, our initial analysis shows that the data set includes information extracted by scraping from LinkedIn, as well as information obtained from other sources. This is not a LinkedIn data breach and our investigation concluded that no personal data of members of the platform have been exposed. Data scraping by LinkedIn is a violation of the Terms of Service and we are constantly working to ensure that the privacy of our members is protected.
At the same time, Privacy Shark reported in a related blog post on June 27: “This time, we can not be sure if the files are an accumulation of data from previous breaches and public profiles or if the information comes from private accounts. We have a strict policy not to support sellers of stolen data and, as a result, we have not purchased the leaked list to confirm all files.
There are 200 million more files available in the collection this time around, so the new data may have been scraped, and this time it may be more than a repeat of the previous set of files, the researchers noted.
Some good news
The good news is that credit card data, personal message content, and other sensitive information have not been exposed in the context of the incident, according to Privacy Shark analysis. This does not mean, however, that there are no serious safety implications.
Specifically, Privacy Sharks noted the following: “Data leaks pose a threat to exaggerated LinkedIn users. With information such as email addresses and phone numbers available to online shoppers, LinkedIn members could be the target of spam campaigns, or worse, identity theft. Malicious agents may still be able to detect sensitive data only through an email id. LinkedIn users also could receive scams via email or phone to make trick them into sharing delicate credentials or transferring large sums of money.
In addition, there are brute-force attacks that should be of concern: “Using the email addresses contained in the files, attackers may try to access users’ accounts by using different combinations of common password characters,” they warned. Finally, the data could be a “social engineering mine”. Sure, intruders could just visit public profiles to target someone, but with so many files in one place, they could automate targeted attacks using information about users’ work and gender, among other things.
It happens not to be infrequent to see that kind of datasets send modified phishing emails, blackmail victims for ransom, or make money over the dark web particularly now that several hackers target job seekers on LinkedIn with false job offers and infect them with backdoor trojans.
Candid Wuest, vice president of Acronis cybersecurity research, said in an email at the time of the first data security incident: “Such personalized LinkedIn bait phishing attacks were used by the Golden Chickens team.
Therefore, users should protect their LinkedIn accounts by updating their passwords and enabling two-factor authentication (2FA).