93% of LinkedIn Users' Data Scraped and Up for Sale Online
For the second time this year, data from 700 million LinkedIn users is up for sale online, potentially putting nearly 93% of LinkedIn's user base at risk of social engineering and spear phishing attacks.
Just days after a data-scraping operation aimed at LinkedIn was discovered, a well-known hacker posted the data for sale on a popular dark web forum. The data includes a number of details about each user, including:
Email addresses
Full names
Phone numbers
Physical addresses
Geolocation records
LinkedIn username and profile URL
Personal and professional experience/background
Genders
Other social media account usernames
While the data posted did not include any login information or financial data, the vast amount of personal details harvested by exploiting LinkedIn’s application programming interface (API) still presents a number of concerns for affected users.
LinkedIn’s response acknowledges the abuse of LinkedIn data, but points out that it’s not technically a breach since the information was public.
In a statement posted to their website, LinkedIn wrote, “Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach and no private LinkedIn member data was exposed. Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update.”
What’s the Danger in Data Scraping?
Data scraping, also known as web scraping, is the process of importing information from a website into a spreadsheet or local file saved on your computer. It’s one of the most efficient ways to get data from the web, and in some cases to channel that data to another website. Popular uses of data scraping include:
Research for web content/business intelligence
Pricing for travel booking sites/price comparison sites
Sending product data from an e-commerce site to another online vendor (e.g. Google Shopping)
While data scraping itself isn’t necessarily good or bad, it can be dangerous when used for malicious purposes. Scraping can expose users’ personally identifiable information (PII), which cybercriminals and hackers can then use for further targeted cyberattacks, including highly effective spear-phishing attacks.
LinkedIn isn’t the only social media site that’s recently been a victim of data scraping. In April, it was revealed that the data of more than 533 million Facebook users was scraped in Sept. 2019. But LinkedIn’s public data is more valuable to threat actors because of the business intelligence that can be gleaned from LinkedIn.
In today’s high-stakes job market, people keep their LinkedIn profiles current with details like employer, job title, business email and phone number, etc. When this information is scraped at scale, hackers can use these details to launch highly targeted cyberattacks.
What Can I Do to Protect Myself?
Though LinkedIn has stressed that no private member account data (login credentials, financial data, etc.) was compromised, just knowing that cybercriminals are armed with so many impactful details may make you feel uneasy.
With phishing attempts reportedly on the rise during 2021, the incident presents a potential point of vulnerability for the vast majority of the professional community on the social media site. For users whose data is affected, risks include phishing attacks as well as identity theft attempts.
Standard cybersecurity hygiene remains your best first defense against these types of scams. Three quick, but effective, ways to strengthen your online security include the following:
1. Enable multi-factor authentication (MFA) where available.
Multi-Factor Authentication, also known as MFA, is a security system that verifies a user’s identity by requiring multiple credentials. Rather than just asking for a username and password, MFA requires additional credentials to verify it’s really you trying to access sensitive data. Many websites now offer MFA options.
2. Remain vigilant about identifying potentially malicious communications.
A phishing attack is a form of social engineering by which cyber criminals attempt to trick individuals by creating and sending fake emails, text messages, or social media messages that appear to be from an authentic source, such as a business, colleague, or friend. Armed with the personal information from this data scrape, cybercriminals will have more ways to personalize their attacks.
3. Clean up your social media accounts.
You can avoid being swept up in the next data scrape by providing only the minimum amount of information required to maintain any type of social media account. Don’t overshare details that could be used to identify you or make it easier for a hacker to trick you into falling for a scam. Also, consider denying social media platforms access to your GPS data. Many of the LinkedIn records up for sale contained specific geographic coordinates of home addresses, workplaces, etc.
Kotman Technology has been delivering comprehensive technology solutions to clients in California and Michigan for nearly two decades. With a customer retention of over 98%, we pride ourselves on being the last technology partner you'll ever need. Contact us today to experience the Kotman Difference.