LinkedIn has reportedly suffered a massive breach wherethe data of more than 700 million users are up on sale on the Dark web. According to PrivacySharks, the available data on the Dark web include users’ full name, gender, email ID, phone numbers, and industry information. It appears that account username and password still remain secure; however, access to phone numbers and email IDs alone can result in sophisticated phishing attacks - a common form of cyber crime amid the pandemic. Notably, LinkedIn had suffered another cyber attack nearly two months ago where the data of over 500 million users were on sale on the dark web. It is currently unclear whether the new breach and old cyber attack have anything in common. The latest development indicates that 92 percent of LinkedIn’s 756M users are impacted by the breach.
The publication also reached out to LinkedIn, and the company said that it is investigating the matter. “While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach, and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service, and we are constantly working to ensure our members’ privacy is protected," a LinkedIn spokesperson told RaidForums. The statement indicates that the breached data appears to be collected from third-party websites or previous leaks. Regardless, it implies that users could still potentially face a cyber attack, and must remain vigilant about fishy emails or SMS with dubious links.
It is also a good idea to secure the LinkedIn account and other linked accounts by updating passwords. Enabling two-factor authentication will also help prevent brute force attacks, which are a likely result of this recent data leak. In the meantime, more information over the breach from LinkedIn is expected.