Updated June 29, 2021: LinkedIn shared a statement on the alleged breach, "While we're still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members' privacy is protected." The original story follows.
What you need to know
- Account details from 700 million LinkedIn users are reportedly for sale on the dark web.
- This is the second reported major data breach of the social network this year.
- The data includes email addresses, full names, physical addresses, and many other pieces of personal information.
Data from 700 million LinkedIn users is now up for sale on the dark web, according to a report by PrivacySharks (via RestorePrivacy). The personal information comes from a major breach of the social network, the second incident of this kind this year (via 9to5Mac). The data breach leaves affected people at risk of phishing attacks, identity theft, and other security-related issues.
RestorePrivacy reports that a hacker advertised data from 700 million LinkedIn users on June 22, 2021. The same hacker also posted a sample of the data from one million people to show its authenticity. RestorePrivacy examined the sample of data and found the following information:
- Email Addresses
- Full names
- Phone numbers
- Physical addresses
- Geolocation records
- LinkedIn username and profile URL
- Personal and professional experience/background
- Genders
- Other social media accounts and usernames
LinkedIn has 756 million members, according to the social network's about page. That means that a data breach of 700 million accounts affects over 92% of its total users.
The data was cross-checked and analyzed by RestorePrivacy, which determined the information to be authentic and up to date. It includes samples from 2020 and 2021.
Passwords were not found in the information from the data breach, but the data that is available still presents security risks. As explained by RestorePrivacy, a bad actor could use the data obtained through the breach to gain access to people's other accounts.
The hacker that posted the data online says that he obtained the data exploiting an official LinkedIn API.
