A huge archive of account data from the social-networking platform LinkedIn was discovered for sale online on April 6, comprising 500 million users’ records, which include email addresses, phone numbers, links to other social media profiles, and professional information.
Users of the hacker forum can view the exposed samples for about $2 worth of forum credits, while the cybercriminal seems to be auctioning the database off for at least a four-digit amount, probably in bitcoin.
According to the samples provided, the leaked files contain a variety of mostly professional data from LinkedIn profiles, including:
- LinkedIn IDs
- Full names
- Email addresses
- Phone numbers
- Links to LinkedIn profiles
- Links to other social media profiles
- Professional titles and other work-related data
The absence of financial or identification documentation does not mean that the leaked data is harmless. “Particularly determined attackers can combine information found in the leaked files with other data breaches in order to create detailed profiles of their potential victims. With such information in hand, they can stage much more convincing phishing and social engineering attacks or even commit identity theft against the people whose information has been exposed on the hacker forum,” CyberNews said.
The investigation team asked LinkedIn whether it could confirm that the leak was genuine and whether it had alerted its users and clients, but no answer has been received yet. Threat actors can use the data from the exposed files against LinkedIn users in various ways, such as conducting targeted phishing attacks, spamming email addresses and phone numbers, or brute-forcing the passwords of LinkedIn profiles and email addresses.
In addition, users who suspect they are being targeted by a phishing attack on LinkedIn should, according to the experts, change their login credentials immediately, enable two-factor authentication, and avoid clicking on any links or downloading any attachments unless they are positive these come from a reliable origin. The company did not provide any official statement when asked whether it could confirm that the leak was genuine and whether it had warned its users and clients.