LinkedIn Users Exposed on Hacker Forums

With every new day comes a new data breach that exposes the personal data of countless people. The most recent in this troubling trend is the LinkedIn data breach, an event that exposed 700 million profiles and led to them being put up for sale on a hacker forum. LinkedIn denies the data breach, but how much truth is in this statement? Let’s take a closer look.

LinkedIn’s Sketchy Security History

LinkedIn is a social media site where professionals network with other professionals, and this reputation as a place for professionals to gather and share ideas makes it a huge target for hackers. In 2012, a Russian hacker stole 6.5 million accounts, exposing 100 million email addresses and passwords. One year later, more controversy surfaced as LinkedIn used man-in-the-middle attacks to intercept user emails and move them to LinkedIn servers. In 2018, following Microsoft’s acquisition of LinkedIn, users began to receive extortion emails based on account information that had been for sale on the Dark Web.

In addition to these instances, LinkedIn has historically been connected to other security breaches, including fake LinkedIn accounts used to steal data and allow unauthorized access to third-party networks.

2021 Issues

This past April, 500 million LinkedIn user accounts went up for sale on a popular hacker forum. This new posting was not the result of a data breach; the information was scraped, but still included vital information such as full names, email addresses, phone numbers, workplace information, and so on. Since LinkedIn has around 740 million users, this hack hit the majority of people who use LinkedIn.

Furthermore, as if these developments weren’t already cause for concern, LinkedIn has reportedly been removing access for scholars and other active individuals inside China without any sort of explanation. This has led many intellectuals and other active users of the platform to suspect that the company is censoring information in order to operate in the Chinese market, a market that is notorious for suppressing the availability of information to its population.

Recently, it was reported that a data breach allowed hackers to make public information from over 700 million LinkedIn records (about 92 percent of its user base). LinkedIn denied the data breach, issuing the following statement:

  • Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach and no private LinkedIn member data was exposed. Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update.

  • Members trust LinkedIn with their data, and any misuse of our members’ data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable.

  • For additional information about our policies and how we protect member data from misuse: https://www.linkedin.com/help/linkedin/answer/56347/prohibited-software-and-extensions

What is Scraping?

Scraping, also called web scraping or web harvesting, is a method of data harvesting in which hackers use software to copy material from websites using the websites’ code. Hackers use this method to gain valuable information from websites without going through the normal methods. For business websites that get scraped, hackers actually don’t have to do as much work as you might expect. Some use the open nature of a business’s API, or application programming interface, to gain direct access to the data that they want to steal.

It just goes to show that maybe we should not trust these major corporations with sensitive data as much as we would like to. If you want to maximize your ability to secure data and stay safe online, Lantek can help. To learn more, reach out to us at (610) 683-6883.

July 23, 2021
Shawn Kramer