LinkedIn has experienced a massive data breach wherein the data of over 700 million users has been exposed.
A hoard of LinkedIn user data for sale:
In the massive LinkedIn data breach, it was reported that more than 92% of all LinkedIn users were affected. It had also been put forth that a popular hacking forum had posted the LinkedIn data for sale on the 22nd of June.
The data that was leaked of the 700 Million users consisted of online and physical addresses, geolocation records as well as inferred salaries of the users and is now up for sale on the dark web.
According to 9to5Mac, when the sale was put up on the hacker forum, the malicious actor had posted LinkedIn data of around 1 Million users as a sample.
A recent report by the publication confirms that the data advertised by the hacker “is both genuine and up-to-date,” with data points dating from 2020 to 2021. The report further mentions that the breached data contains a plethora of information. Some of this includes users’ full names, email addresses, phone numbers, physical addresses as well as geolocation records.
In some instances, it was found that the data that was exposed also contained LinkedIn username and profile URL, personal and professional background, and even the mentions of users’ other social media accounts and usernames.
Same vulnerability allegedly exploited again:
If security sources are to be believed, the hacker reportedly was able to access the data of the social media platform by exploiting the LinkedIn API. Seemingly, the security vulnerability permitted the threat actor to collect the data that users uploaded to LinkedIn.
According to security experts, user passwords have not been compromised in the data breach, however, it is concerning to note that the existing data is still valuable that has been exposed. It can be further exploited to deploy phishing attacks or other cyber attacks.
This is the second such breach of its kind, compromising the data of the users. Back in April, the data of around 500 million was stolen through the very same vulnerability. At the time, the social media platform acknowledged the data breach, stating that the breach involved publicly viewable profile data that scraped from Linkedin.