An archive containing data scraped from 500 million LinkedIn users are put for sale on a popular hacker forum and another 2 million records were leaked as a proof-of-concept sample by the post author.
The leaked files include details about the users such as their full names, email addresses, phone numbers, workplace information, and more. The data has been allegedly scraped by the attacker from the users.
The users on the hacker forum can view the leaked samples for about $2 worth of forum credits. But the attacker is auctioning the larger 500 million user database for at least a 4-digit sum, presumably in bitcoin.
According to the author, the data was scraped from LinkedIn and sources have confirmed from the samples provided on the hacker forum. However, it is not sure whether the threat actor is selling up-to-date LinkedIn profiles, or if the data has been taken from a previous breach suffered by LinkedIn or other companies.
From the leaked files, it appears to contain a variety of professional information from LinkedIn profiles, including: IDs, full names, email addresses, phone numbers, genders, links to LinkedIn profiles, links to other social media profiles, professional titles and other work-related data.
These data can be utilized by threat actors against LinkedIn users in multiple ways by:
- Performing targeted phishing attacks.
- Spamming 500 million emails and phone numbers.
- Brute-forcing the passwords of LinkedIn profiles and email addresses.
However, sensitive information such as credit card details or legal documents were not found among the leaked sample posted by the threat actor. But an email address alone can be enough for a competent cybercriminal to cause real damage.
Attackers can combine information found in the leaked files with other data breaches to create detailed profiles of their potential victims. With such information they can conduct much more convincing phishing and social engineering attacks or even commit identity theft.
If you believe that your LinkedIn profile data might have been scraped by threat actors, it is recommended that you must
- Be cautious of suspicious LinkedIn messages and connection requests from strangers.
- Immediately change your LinkedIn and email accounts passwords.
- Make it a practice to use a password manager to create strong passwords and store them securely.
- Enable two-factor authentication (2FA) on all your online accounts.
Also look out for phishing emails and text messages and do not click on suspicious looking links or respond to anyone you don’t know.
Image Credits : Rappler