SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Email Security
#
Phishing
#
Banking
600 million profiles for sale on hacker forum - Third LinkedIn scrape in four months
Tue, 13th Jul 2021
FYI, this story is more than a year old
Author image
By Ryan Morris-Reade, Contributor
Follow us

LinkedIn has experienced another huge data scape, the third in four months, with 600 million profiles for sale online.

The LinkedIn profile data is for sale on a hacker forum for an unknown sum, and this time the threat actor claims the information is better than the last batch. They have shared samples that include full names, email addresses, and social media links, among other details.

While the data may be publicly available, all that information on hand makes it easy for malicious actors to quickly and conveniently choose social engineering targets with impunity.

Despite this, LinkedIn is unwilling to treat data scraping as a security issue.

“Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach and no private LinkedIn member data was exposed,” LinkedIn said in a June statement following the data scrape of 700 million profiles.

Notably, LinkedIn has taken legal action against the talent management company hiQ Labs, which scrapes public LinkedIn data for employee information. hiQ Labs has contended that a ruling against data scraping could profoundly impact open access to the Internet.

The sample provided by the forum post author contains 632,699 LinkedIn profile entries, which include 154,204 user email addresses.

The data in the sample includes:

  • LinkedIn Ids
  • Full names
  • Email addresses
  • Phone numbers
  • LinkedIn profile URLs
  • Links to other social media profiles
  • Gender
  • Birthdates
  • Locations
  • Professional titles and other work-related data

The data can be used by threat actors in a number of ways. Phishers and spammers often use data acquired from scrapers to find new victims. For example, they might extract scraped public contact details and use them for robocalls, spam lists, and social engineering attacks, in which they can manipulate users into revealing their personal information and banking details.

Many web applications use scraping mitigation tools to help protect against hostile data collection by bots and threat actors. So far, LinkedIn hasn't implemented any robust anti-scraping measures.

Related stories
Half of online traffic in 2024 generated by bots, report finds
Check Point boosts email security with new AI-powered features
The rising threat of search engine ad abuse
New In the Wild 2024 report reveals key cyber threats
Cybersecurity services market to hit $445.3 billion by 2032
Top stories
Mandiant unveils latest M-Trends 2024 cybersecurity report
'Junk gun' ransomware: New low-cost cyber threat targets SMBs
Legit Security announces strategic partnership with GuidePoint Security
Healthcare sector's cybersecurity confidence misplaced, warns Kroll report
Gartner survey reveals challenges in zero-trust strategy implementation