LinkedIn Breach Exposes 92% Of Its Users Data

I’m shocked and upset about this LinkedIn breach. This is their second massive LinkedIn breach. It was reported that 700M users were effected in this breach, which is more than 92% of the total 756M users. The database is found for sale on the dark web, with records including phone numbers, physical addresses, geolocation data, and inferred salaries.

 

What Happened?

 According to the RestorePrivacy website, the hackers were able to abuse the official LinkedIn API to download the data.

On June 22nd, a user of a popular hacker advertised data from 700 Million LinkedIn users for sale. The user of the forum posted up a sample of the data that includes 1 million LinkedIn users. We examined the sample and found it to contain the following information:

  • Email Addresses

  • Full names

  • Phone numbers

  • Physical addresses

  • Geolocation records

  • LinkedIn username and profile URL

  • Personal and professional experience/background

  • Genders

  • Other social media accounts and usernames

Based on our analysis and cross-checking data from the sample with other publicly available information, it appears all data is authentic and tied to real users. Additionally, the data does appear to be up to date, with samples from 2020 to 2021.

We reached out directly to the user who is posting the data up for sale on the hacking forum. He claims the data was obtained by exploiting the LinkedIn API to harvest information that people upload to the site.

At least no passwords were included. However this information is still valuable data that can be used for identity theft and hackers can craft more convincing-looking spear phishing emails.

Since this breach is so new the API/Database I use for Dark Web Search is not currently up to date. Give it a month and we should find out if our PII has been compromised. The likely hood is quite high since the exposure is of 92% of their userbase. 

I hope this article was helpful, if you have any questions please feel free to contact me. If you would like to be notified of when I create a new post you can subscribe to my blog alert.


Discover more from Patrick Domingues

Subscribe to get the latest posts sent to your email.

author avatar
Patrick Domingues

Leave a Comment

Stay Informed

Receive instant notifications when new content is released.