A few days ago, LinkedIn admitted that it had suffered a massive data breach that has now affected over 500 million users. The breach was identified after sensitive user information from the platform was posted online for sale.
The leaked information includes data sets such as email addresses, phone numbers, workplace information, full names, account IDs, links to their social media accounts, and gender details. The breached data is reportedly being sold by an unknown user on a hacker forum, who has dumped data of over two million users as sample proof.
According to reports by Gadgets NDTV, the hacker responsible for sharing the data is asking for a four-digit amount (in USD) in exchange for the breached data, potentially in the form of Bitcoins. This comes just days after a similarly massive leak of scraped data from over 500 million Facebook users was leaked.
With over 740 million users, the data breach puts LinkedIn in a vulnerable place since privacy and security are among the top concerns for users in this day and age. News of the breach was first reported by Cyber News and later confirmed by LinkedIn to Business Insider.
LinkedIn has over 740 million users, the company mentions this on its website, which means that data of over two-third of its subscribers has been compromised and being sold online. The news was first reported by CyberNews, and LinkedIn later confirmed the breach to Business Insider.
“While we’re still investigating this issue, the posted dataset appears to include publicly viewable information that was scraped from LinkedIn combined with data aggregated from other websites or companies. Scraping our members’ data from LinkedIn violates our terms of service and we are constantly working to protect our members and their data”, a LinkedIn spokesperson told the publication in an official statement.
The service, which is owned by Microsoft, said that it did not suffer a data breach involving hackers penetrating the company’s internal databases to siphon information. Instead, the bad actors scraped the data from LinkedIn’s public-facing service.
The data includes sensitive information like phone numbers, email ID, workplace information, and even links to their social media accounts.
It is quite surprising that the breach occurred after Facebook suffered a massive attack of its own where 533 million of its users’ data was leaked on a hacking forum recently. The hack exposed a large dataset that included users from 106 countries, 32 million records from users in the US and 6 million users in India.
How to protect yourself against the LinkedIn data breach
Although the scraped LinkedIn data set doesn’t include sensitive information like credit card information or Social Security numbers, the hackers can still perform other sophisticated hacking attempts using the leaked data.
For instance, hackers could use data like email addresses and phone numbers to conduct phishing attacks, in which they send people fake emails that look real but contain links to malicious websites.
So, what can you do about this data breach? For starters, you should ensure your password is intact or change it immediately. Also, check the privacy settings and other security features for the apps you use including third-party ones connected with your LinkedIn account whether they’re set up properly.
You should also use online services like Have I Been Pwned to check against their database and find out whether your email appears in any recent or past cybersecurity attacks. The service also sends notifications if your email address is part of a data breach.
Aside from changing your passwords, and ensuring that they are strong and unique to avoid easy access from hackers. You should also make use of two-factor authentication (2FA) wherever available, and do not accept connections, especially on LinkedIn and Facebook, from unknown people.
In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.
Check out: Yahoo Answers Will be Shutdown on 4th May
Author: Allan Bangirana
Allan Bangirana has a taste for all kinds of topics and usually writes about tech, entertainment, sports and community projects that make a difference in society.