500M Accounts Scraped Again This Time From Linkedin

Not long after we learned that more than 500M accounts were scraped, exposing personal data from Facebook users, a report today says the same is true of LinkedIn and unnamed additional services.

Some 2 million records have been put online as proof of the attack …

Cybernews reports.

The data includes:

An archive containing data purportedly scraped from 500 million LinkedIn profiles has been put for sale on a popular hacker forum, with another 2 million records leaked as a proof-of-concept sample by the post author.

The four leaked files contain information about the LinkedIn users whose data has been allegedly scraped by the threat actor, including their full names, email addresses, phone numbers, workplace information, and more.

• LinkedIn IDs
• Full names
• Email addresses
• Phone numbers
• Genders
• Links to LinkedIn profiles
• Links to other social media profiles
• Professional titles and other work-related data

However, LinkedIn says that while some of the data came from its service, the 500M records are a mix of this data and additional data obtained from other services.

Cybernews says that, like the Facebook breach, the data may actually have been obtained some years ago.

Members trust LinkedIn with their data, and we take action to protect that trust. We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies. It does include publicly viewable member profile data that appears to have been scraped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.

Any misuse of our members’ data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable.

This is a reference to a LinkedIn data breach back in 2016.

The author of the post claims that the data was scraped from LinkedIn. Our investigation team was able to confirm this by looking at the samples provided on the hacker forum. However, it’s unclear whether the threat actor is selling up-to-date LinkedIn profiles, or if the data has been taken or aggregated from a previous breach suffered by LinkedIn or other companies.

Passwords do not appear to have been compromised. However, you should be extra vigilant of emails purporting to come from LinkedIn contacts.

On May 17, 2016, we became aware that data stolen from LinkedIn in 2012 was being made available online. This was not a new security breach or hack. We took immediate steps to invalidate the passwords of all LinkedIn accounts that we believed might be at risk. These were accounts created prior to the 2012 breach that had not reset their passwords since that breach.