A hacker abused a LinkedIn API to retrieve data on more than 90% of the social network's subscribers. The data was public, and 700 million records are now for sale on the Dark Web, including e-mail addresses, user names, mailing addresses...
Another massive publication of personal data, and once again it involves LinkedIn, the social network for professionals. According to RestorePrivacy, this release would expose the data of 700 million users, which represents 92% of all subscribers. The huge database is for sale on the Dark Web, with files including phone numbers, mailing addresses, geolocation data and even a salary grid.
The database was authenticated, and the hacker misused an official LinkedIn API to siphon part of the website, a method already used last April. The hacker posted his ad on June 22 and, to prove his point, published a sample of one million users. Each record contains: e-mail, first and last name, telephone number, usernames on other social networks, and job position. What leaked is simply the profile of every LinkedIn member, compiled into a huge database. According to LinkedIn, some of the data does not come from its API.
The good news is that no passwords were retrieved.
Data extraction is a violation
According to RestorePrivacy, the data is recent, with profiles dated from 2020 to 2021. This means that LinkedIn is unable to prevent the siphoning of data, so a hacker can continue to retrieve some of the public data. For its part, the social network confirmed that the file was indeed authentic, but denies any security problem. In other words, anyone can retrieve LinkedIn data since these are public pages, but compiling and selling it is a crime.
FOR MORE INFORMATION
LinkedIn: data from 500 million members is available on the Internet
LinkedIn confirmed that a hacker had put up for sale a database containing the data of hundreds of millions of users registered on this social network. The data includes identifiers, phone numbers and e-mail addresses, and it is simply public, in plain sight.
After Facebook, it is LinkedIn's turn to be hit by a massive hacking and data leak. As with Facebook, it would involve 500 million registered users, which represents two-thirds of the subscribers to this social network for professionals.
According to a Cyber News report, the hackers recovered a huge database from LinkedIn and decided to sell it on the Dark Web. The social network, owned by Microsoft, confirms the existence of this database, but says its internal investigation shows that it is not a leak. According to LinkedIn, hackers simply retrieved and compiled public data, presumably via a third-party website.
A dream database for a phishing operation
Nevertheless, the data includes account identifiers, full names, email addresses, telephone numbers, workplace information, gender and links to other social media accounts… The hacker posted an excerpt containing two million accounts, and he is selling it for a four-digit amount (so less than $10,000).
So this cannot be compared with Facebook, where passwords were compromised and accessed in the database, but the fact remains that this type of leak can lead to security problems, whether spam, phishing or even identity theft. Not to mention that hackers who have an account ID can target it and find the password by brute force. And since many users choose a simple password, the hacker often needs only a few seconds to find it.