A dataset containing the information of 700 million LinkedIn users is being auctioned on a renowned hacker forum.
First reported by Privacy Sharks on June 27, the dataset contains information such as full names, gender, email addresses, phone numbers, and industry information. It was first shared on RaidForums by user TomLiner on June 22.
According to LinkedIn, the platform has 756 million users. If the profile information within the dataset is unique, then it would encompass over 92 per cent of all LinkedIn users.
Although the volume of the information is staggering, calling it a breach may be a bit far-fetched. In an email statement to Privacy Sharks, a LinkedIn spokesperson said that the data is scraped from many publicly available sources. While it does contain information from LinkedIn profiles, it’s also aggregated from various other channels such as websites and companies.
LinkedIn also assured its users that no private information, such as passwords and credit card information, is part of the dataset.
If this all sounds similar, it should be. Almost exactly the same thing happened in April when the data of 500 million LinkedIn users was posted on the same forum. The incident prompted an investigation into LinkedIn by Italy’s privacy watchdog.
While data scraping sounds benign compared to a full-on breach, it still poses a threat. Hackers can still leverage the information to perform attacks. Common ones include identity theft and phishing scams. Additionally, advertisers are always on the prowl for more inboxes to spam.
LinkedIn also emphasized that data scraping is against its terms of service in an official statement.
The case is still being investigated. In the meantime, users should change their passwords just in case.