Just days after Facebook's huge data leak, a similar incident has occurred, this time on LinkedIn. A file containing data said to have been stolen from the profiles of 500 million LinkedIn users has been put up for sale on a popular hacking forum. The hacker who managed to extract the data from the Microsoft-owned social network has already published two million user records as proof that the data is real.
The leaked files contain information about users whose data is said to have been stolen - including full names, email addresses, phone numbers, workplace information and more.
The two million user records published as proof that the data is real can be viewed on the forum for $2. The 500 million accounts are offered for a four-digit sum, payable in Bitcoin. It is not clear at this time whether the threat actor is selling up-to-date LinkedIn profiles or whether the data was obtained or collected from a previous breach of LinkedIn or other companies.
LinkedIn has not yet commented on the matter.
According to Security Affairs, the leaked data includes the following:
- Full names
- Email addresses
- Phone numbers
- Links to LinkedIn profiles
- Links to profiles on other social networks
- Job titles and other job-related data
What is the impact of the leak?
The data from the leaked files can be used by threat actors against LinkedIn users for various malicious activities, such as the following:
- Carrying out targeted phishing attacks.
- Spamming 500 million emails and phone numbers.
- Brute-forcing passwords of LinkedIn profiles and email addresses.
The leaked files appear to contain only LinkedIn profile information. No particularly sensitive data, such as credit card details or legal documents, has been identified in the sample posted by the hacker. Even so, a single email address can be enough for a cybercriminal to cause great harm.
In addition, threat actors can combine the information contained in the leaked files with data from other breaches to create a detailed profile of their potential victims. With this information in hand, they can carry out much more convincing phishing and social engineering attacks, or even identity theft, against people whose information has been exposed on the hacking forum.
If you suspect that your LinkedIn profile data has been stolen by threat actors, we recommend that you do the following:
- Be especially wary of suspicious LinkedIn messages and login requests from strangers.
- Change your LinkedIn and email account passwords.
- Consider using a password manager to create strong passwords and store them securely.
- Enable two-factor authentication (2FA) on all your online accounts.