Is yourĀ LinkedInĀ among them?Ā
In late June of this year,Ā theĀ personal data ofĀ hundreds ofĀ millions of LinkedIn users was auctioned for sale on the dark web.Ā Ā
TotalingĀ justĀ over 93% of theĀ social media platformās account holders,Ā the enormous scale of thisĀ data leakĀ alone makes it of concern to users and businesses alike.Ā Whatās more, samples of the data set posted by hackers imply that at least some of this data was acquiredĀ veryĀ recently; as in, within the years 2020 and 2021.Ā
WhileĀ LinkedInĀ officialsĀ maintain thatĀ no login credentials were leaked,Ā the informationĀ for saleĀ did include:Ā Ā
- Full namesĀ
- Phone numbers &Ā someĀ email addressesĀ
- Home & business addressesĀ
- Geolocation resultsĀ
- Other social media accounts & usernamesĀ
The total price for millions ofĀ usersāĀ private info? Just $5,000.Ā
Curiously, however, LinkedIn officials found that most of this data was not stolen from their site, but rather scraped from other public records and then matched to LinkedIn user data. In this case, bad actors combine easily discoverable information from multiple sources to create one, more robust database in the hope of striking gold. Ā
On a positive note, this kind of data collection usually wonāt expose anything incredibly private. But donāt get too comfortable. This leak ā and others like it ā are playing a long game. By building OSINT (open-source intelligence) databases, hackers aim to garner a better understanding of would-be victims and store it for future use. Ā
So, while the sensitive data of LinkedIn users might be safe for now ā the more information bad actors can scrape up about you online, the more fodder they have for more dangerous attacks in the future. Ā
Donāt Get Scared, Get PreparedĀ
Letās not panic just yet.Ā Ā
EMPIST can help you create a cybersecurity program that doesnāt just protect you from the worst of the worst (although, we do that too). We know that even seemingly innocuous activities have the potential to threaten your security. To learn more about EMPIST cybersecurity services, visit us online today or contact our team right now!Ā Ā
EDIT: An earlier version of this blog stated that this attack on LinkedIn was a data breach. LinkedIn officials maintain that, because no private data was stolen, this is not a data breach. The blog has been updated to reflect this finding.