LinkedIn denies data breach exposing data of over 700 million users
LinkedIn has denied allegations of data breach after LinkedIn data of over 700 million users was reported exposed on the dark web.
According to a report by Restore Privacy, an unknown hacker has obtained a new dataset of over 700 million LinkedIn users containing details including phone numbers, physical addresses, geolocation data, and inferred salaries.
This accounts of over 92 per cent of LinkedIn users compromised in this new breach.
Scrapped data
The professional networking platform has denied a breach and has said that the data posted up for sale includes scrapped data from the website and other various websites. It further said it contains the same data that was leaked during the April 2021 leak.
“Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach and no private LinkedIn member data was exposed,” LinkedIn said in an update posted to its website.
“Our initial investigation has found that this data was scrapped scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update,” it added.
In April this year, a huge batch of data of 500 million LinkedIn users had been put up for sale on a popular hacker forum, Cybernews had reported. The dataset had purportedly been scrapped from over 500 LinkedIn profiles and has been put up for sale online with another two million records leaked as a proof-of-concept sample, the report had said.
The leaked information includes users’ full names, email addresses, phone numbers, workplace information, among other details, as per the report.
The Microsoft-owned professional networking platform, acknowledging the report, had said that the database contained information scrapped from multiple places and was not entirely scrapped from the platform. It further said that it was not a LinkedIn data breach.
“We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies. It does include publicly viewable member profile data that appears to have been scrapped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review,” the company had said in a statement.
Sample dataset
The new dataset of 700 million users has also been put up for sale on the Dark Web. The hacker has posted a sample set of one million users for buyers, as per the RestorePrivacy report. The sample data was also cross-verified by 9to5Google.
The sample dataset up on the Dark Web includes user information such as email addresses, full names, phone numbers, physical addresses, geolocation records, LinkedIn username and profile URL, inferred salaries, personal and professional experience/ background, gender, and social media accounts and usernames.
According to 9to5Google that reached out directly to the hacker, the hacker claims to have obtained the data by exploiting the LinkedIn API to harvest information that people upload to the site.
“Members trust LinkedIn with their data, and any misuse of our members’ data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable,” LinkedIn said in its statement.