A hacker posted the personal information of 700 million LinkedIn users on the darknet last week. That data was obtained through the LinkedIn application programming interface (API) and other external sources. It is the second significant cybersecurity incident this year on the professional networking platform.

On June 22, a hacker began advertising data from LinkedIn accounts on RaidForums. Saying data from 700 million (or 92% of all LinkedIn users) was available for sale, the hacker provided a sample of a million records as proof. The data available included email addresses, full name, phone numbers, physical addresses, geolocation records, LinkedIn username and profile URL, personal and professional experience, gender, and other social media accounts and usernames. Login credentials and credit card details held by LinkedIn were not included in the list of available data.

Earlier this year, LinkedIn made the news when hundreds of millions of user details were also posted for sale on a darknet forum. At the time, LinkedIn denied a data breach had occurred. The social media giant said the information was an aggregation of data from multiple websites and companies. But LinkedIn admitted it also included publicly viewable member profile data that was scraped from user profiles.

On Tuesday, LinkedIn also denied a data breach had occurred.

“Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping. We want to be clear that this is not a data breach and no private LinkedIn member data was exposed.”

Principal security strategist at Synopsys, Tim Mackey, says while the cybersecurity breach may not constitute a data breach, the misuse of LinkedIn’s API leaves millions of LinkedIn users open to identity theft, phishing attempts, social engineering attacks, and hacked accounts.

“Where legitimate users care about terms of service, criminals won’t. This is an important detail for anyone exposing an API on the internet – it’s only a matter of time before your APIs are discovered and abused.”

As organisations shore up their cybersecurity defences following several recent high profile data breaches, Mackey suggests hackers will shift their focus to abusing legitimate access methods like APIs provided by businesses to access data.

Alex Balan, Director of Security Research at Bitdefender, says users can expect their personal data to be disseminated.

“Information we are constantly sharing with an increasing number of people, social media networks and organizations. It’s only a matter of time before this information is exposed to cybercriminals,” he says.

Balan says social media companies like LinkedIn continue to get better at preventing scraping bots and other information-gathering tools. But he argues social media platform users need to be informed and remain careful about personal data they submit.

“The most basic and imperative action is to know when that happens. Be mindful of your constantly growing (and never shrinking) online dossier/file.

“It’s our job as informed consumers to be aware of the information we expose publicly and how cybercriminals can use it in a worst case scenario.”

The fact that multiple databases of stolen records are shared for free on Dark Web platforms is not new. Stolen data can be used for various types of attacks, including spear-phishing, random malspam campaigns, etc. But a new, concerning data breach trend is emerging. Across Dark Web forums, services offer large-scale data filtered by categories, such as target country or profession. For threat actors, finding their next target has never been so easy. And the rest of us have never been so vulnerable.

While cybercriminals have traditionally focused on targeting corporations through ransomware attacks and theft, the landscape has shifted to one that steals and sells data – and information on the general public is the product being sold.

In February 2021, a threat actor offered a database of over 500 million Facebook accounts, filtered by country, for sale on a Dark Web forum. The fact that it was divided into countries received positive comments from multiple forum members due to the novel convenience it offered to the market for stolen data. This was a major move in the direction toward packaging and selling personal data stolen from social media companies.

In August 2021, another threat actor leaked millions of records of LinkedIn users, also filtered by country, on a Dark Web forum (the original database was leaked in June 2021). Moreover, during the same month, a third threat actor took it a step further, when he offered to sell stolen LinkedIn records filtered by profession, including LinkedIn accounts of 12.9 million IT personnel, 6.7 million HR professionals and 4.8 million finance executives.