A Huge LinkedIn Data Scrape Exposes 700 Million Accounts

Cybersecurity | November 16, 2021

Is your LinkedIn account among them?

In late June of this year, the personal data of hundreds of millions of LinkedIn users was put up for auction on the dark web.

Covering just over 93% of the social media platform’s account holders, this data leak is of concern to users and businesses alike on scale alone. What’s more, samples of the data set posted by hackers imply that at least some of this data was acquired very recently, within the years 2020 and 2021.

While LinkedIn officials maintain that no login credentials were leaked, the information for sale did include:  

  • Full names 
  • Phone numbers & some email addresses 
  • Home & business addresses 
  • Geolocation results 
  • Other social media accounts & usernames 

The total price for millions of users’ private info? Just $5,000. 

Curiously, however, LinkedIn officials found that most of this data was not stolen from their site, but rather scraped from other public records and then matched to LinkedIn user data. In this case, bad actors combine easily discoverable information from multiple sources to create a single, more robust database in the hope of striking gold.

On a positive note, this kind of data collection usually won’t expose anything incredibly private. But don’t get too comfortable. The people behind this leak, and others like it, are playing a long game. By building OSINT (open-source intelligence) databases, hackers aim to garner a better understanding of would-be victims and store it for future use.

So, while the sensitive data of LinkedIn users might be safe for now, the more information bad actors can scrape up about you online, the more fodder they have for more dangerous attacks in the future.

Don’t Get Scared, Get Prepared 

Let’s not panic just yet.  

EMPIST can help you create a cybersecurity program that doesn’t just protect you from the worst of the worst (although we do that too). We know that even seemingly innocuous activities have the potential to threaten your security. To learn more about EMPIST cybersecurity services, visit us online today or contact our team right now.

EDIT: An earlier version of this blog stated that this attack on LinkedIn was a data breach. LinkedIn officials maintain that, because no private data was stolen, this is not a data breach. The blog has been updated to reflect this finding.

(Sources: Fortune, LinkedIn)