LinkedIn Data Leak – 3 Years Later, What We Can Do About It
In June 2021, a hacker known as “TomLiner” advertised the information of 700 million LinkedIn users for sale on a darknet forum, constituting a significant portion of its user base. This followed a similar incident in April 2021 where 500 million LinkedIn records were offered by the same seller. A verified sample of 1 million users was released, revealing details such as email addresses, names, phone numbers, and more, excluding passwords and credit card information. The breach resulted from the misuse of LinkedIn’s API, raising potential security risks for users. LinkedIn, claiming it was a result of data scraping, not a breach, has implemented corrective measures. However, users are warned of potential social engineering attempts. LinkedIn users should stay vigilant for email scams, especially phishing attempts, and change passwords if compromise is suspected. The incident was reported to police enforcement. Businesses utilising LinkedIn should notify staff, promote password changes, and educate them on data hygiene. Robust spam controls and employee training to identify phishing are critical. Companies should avoid assisting stolen data dealers while emphasising ethical business practices. The LinkedIn data leak emphasises the necessity of individual and business awareness in the face of cyber security threats, as well as proactive actions and ethical considerations in the world of technology.
The LinkedIn data leak has raised serious worries about the security of user information on the popular professional networking platform. With a hacker advertising the data of roughly 700 million LinkedIn users, accounting for an estimated 90% of its user base, the scope of this issue highlights the necessity for prompt attention and proactive steps.
A LinkedIn breach has the potential to expose sensitive information, emphasising the need to appropriately deal with the aftermath. In this setting, recognising what steps can be taken is critical for both individuals and organisations to protect themselves from potential hazards. This article explores the ramifications of the LinkedIn data leak and offers suggestions for mitigating its impact on user privacy and internet security.
What Occurred?
In June 2021, a hacker using the alias “TomLiner” openly offered for sale, on a darknet forum, information belonging to 700 million LinkedIn users – roughly 90% of its entire user base! The asking price for this data is $5,000. If proven authentic, this incident would stand as the most extensive LinkedIn data leak on record. Interestingly, the same seller was responsible for advertising 500 million LinkedIn records for sale in April 2021. Subsequently, a sample of 1 million users was released on the dark web, verified as legitimate, and confirmed to correspond to actual LinkedIn users. The data appears to be current, spanning from 2020 to 2021.
How Did It Occur?
Recently, a third party exploited LinkedIn’s API (Application Programming Interface) to illicitly access the personal data of millions of users. This misuse of the API poses potential security risks for individuals and businesses relying on LinkedIn for professional connections. LinkedIn has asserted that corrective measures have been implemented. In addressing this latest data leak, LinkedIn maintains that it resulted from data scraping and aggregation from various sources, emphasizing that it was not a data breach. According to their statement, no private LinkedIn member data was exposed; rather, this data leak was a compilation from multiple websites, companies, and publicly viewable member profile data.
What Information Was Compromised?
Within the disclosed sample of 1 million entries, various details were exposed, including email addresses, full names, phone numbers, physical addresses, geo-location records, LinkedIn user profiles, personal and professional backgrounds, gender, and other social media account usernames. Importantly, the data being offered for sale did not include passwords or credit card details.
Nevertheless, users are cautioned about the potential for an elevated risk of social engineering attempts. The leaked LinkedIn contact details could be exploited in phishing and identity theft attacks. This is particularly concerning for individuals who have accounts on multiple platforms like Facebook and Twitter, where they share personal information. Cyber criminals could leverage this data to create fake LinkedIn accounts or gain unauthorized access to other accounts. Stay vigilant and be mindful of potential risks associated with this exposure.
What Comes Next?
Given the extensive scope of the data leak, LinkedIn users should exercise heightened vigilance against potential email scams, particularly phishing attempts that may mimic legitimate LinkedIn communications. In case of any indications of possible account compromise, users are strongly advised to promptly change their passwords.
LinkedIn is likely already aware of suspicious accounts attempting to exploit the leaked data. The platform recommends users to actively monitor their LinkedIn email addresses for any signs of suspicious activity. Additionally, LinkedIn has reported the incident to law enforcement authorities and expressed a willingness to collaborate in further investigations. However, the platform has not disclosed specifics on how or why the leak occurred.
Businesses leveraging LinkedIn for networking should formulate strategies to address the repercussions of the data leak. With LinkedIn users spanning various positions and companies, organisations must be mindful of potential impacts on their daily operations.
LinkedIn itself may face repercussions as a result of this incident. Beyond scrutiny from various quarters, the platform could experience a decline in new account sign-ups in the future. The fallout from the leak underscores the need for both individual users and businesses to remain cautious and proactive in navigating the aftermath of this security breach.
How Companies Can Respond:
In light of the LinkedIn data leak, companies utilizing this widely used platform should promptly alert their employees to the situation. Companies must advise their staff members to review and update their LinkedIn passwords and consider doing the same for other online accounts that share the same password. Moreover, companies play a pivotal role in educating employees on effective data hygiene and privacy practices, empowering them to safeguard against potential future data breaches.
Beyond raising awareness, companies should implement more robust spam controls and provide training to employees to recognize social engineering and phishing campaigns. Information security awareness tools, such as Phishing Quiz with Google (https://phishingquiz.withgoogle.com), serve as valuable resources in this context. For a more comprehensive approach, solutions like KnowBe4, offering information security awareness training, can enhance employees’ understanding of how hackers target workplace data.
Lastly, companies must refrain from supporting or engaging with sellers of stolen data. The purchase of such data should be avoided as part of ethical business practices. A proactive and informed approach on the part of companies is essential in mitigating the potential risks associated with the LinkedIn data leak and promoting a secure digital environment for both employees and the organisation.
How do Regular LinkedIn Users Respond?
LinkedIn users must maintain heightened vigilance regarding potential online threats. Ensure the security of your LinkedIn account by using a robust password and activating two-factor authentication (2FA) for an added layer of protection. This practice is not only applicable to LinkedIn but should also be extended to other online accounts. Additionally, exercise caution when installing browser extensions or any unverified applications on your computer.
Take proactive measures to assess whether your email address or phone number has been compromised. Utilize websites like Have I Been Pwned, accessible at https://haveibeenpwned.com/, to check for potential data breaches. Stay vigilant and actively work to minimize the potential impact on your online accounts. Exercise discretion before uploading or sharing personal information online, operating under the assumption that it may be exposed publicly. By adopting these precautions, LinkedIn users can enhance their overall online security posture in response to the data leak.
In conclusion
The LinkedIn data leak serves as a stark reminder of the ever-present cyber security challenges individuals and organisations face in an increasingly interconnected digital landscape. As users grapple with potential threats arising from the exposure of personal information, swift and decisive actions are imperative. Vigilance, coupled with proactive steps such as updating passwords, enabling two-factor authentication, and heightening awareness of social engineering tactics, can contribute to fortifying online defences.
Organisations, must play a pivotal role in educating employees, implementing stringent security measures, and refraining from engaging with stolen data sellers. By collectively prioritizing cyber security practices, users and companies alike can navigate the aftermath of the LinkedIn data leak with resilience and a commitment to reinforcing data protection standards in an ever-evolving online environment.
CTA
Learn How to Safeguard Against the LinkedIn Data Leak. Stay Informed and Take Action Now! Watch Cyber News Live for Essential Insights and Practical Tips.