Roughly 92% of LinkedIn users may have had their data stolen.
Users’ names, email addresses, phone numbers, and home addresses were among the exposed pieces of information.
Information that was stolen is currently for sale on the underground web.
An estimated 700 million LinkedIn members were compromised by the company’s second major data leak of 2018. Online and physical addresses, geolocation details, and estimated wages are among the revealed data sets that are now for sale on the dark web.
Information has been updated to reflect LinkedIn’s response to the data leak, which confirms that the breach was the result of “data scraping from LinkedIn and other sources.”
A package of purported LinkedIn data was reportedly put up for sale, and our teams looked into it. Please understand that this is not a data breach and that no LinkedIn member information was compromised in any way.
Based on our preliminary research, we can confirm that this information was gathered by data scraping from LinkedIn and other websites.
Also, “any exploitation of our members’ data, such as scraping, violates LinkedIn terms of service,” it read. We take measures to prevent and punish those who misuse LinkedIn members’ personal information for their own or a third party’s benefit.
The threat actor has reportedly taken to a dark web forum in an attempt to resell the stolen data. A subset of the information was shared on the website to accomplish this. According to a research by RestorePrivacy, the sample includes the personal information of over a million different LinkedIn users.
It verifies that the hacker’s offered data “is both real and up-to-date,” including data from 2020 and 2021. The paper goes on to say that there is a wealth of information within the data. Users’ complete names, email addresses, phone numbers, physical locations, and geolocation information are all examples of this kind of data.
Privacy Sharks has validated the authenticity of the for-sale dataset. Personal and professional details, as well as references to other social media profiles and identities, were also exposed along with the user’s LinkedIn username and profile URL.
Using LinkedIn API vulnerabilities, the threat actor gained access to the data, as suggested by RestorePrivacy. Due to the security flaw, the hacker was able to steal any data that users had entered onto the site. The LinkedIn denial may be found here
Insufficient API to return this kind of information from LinkedIn. Through our current study, we have determined that this data collection does not originate from LinkedIn in several key respects, including phone number, gender, inferred salary, and physical address.
Even if no credentials were exposed, the data points are still extremely important because they can be used in later phishing attempts.
In this, the second such incident, LinkedIn user data has been compromised. In the same way, data belonging to almost 500 million LinkedIn members were leaked on the dark web in April of this year.
Although LinkedIn initially denied any breach had occurred, the company later admitted that some user profiles had been scraped and made public.
For More Information Visit Our Site:https://www.techllog.com/