A new massive LinkedIn breach made the headlines, a database containing data of 700M users, more than 92% of the total 756M users, is available for sale on forums on the dark web.
The exposed records include email addresses full names, phone numbers, physical addresses, geolocation records, LinkedIn username and profile URL, personal and professional experience/background, genders, and other social media accounts and usernames. Passwords are not included in the archive.
The threat actor that is offering for sale the data shared a sample of 1M records as proof of the authenticity of the archive. According to media that analyzed the data were able to confirm that they are genuine and up-to-date.
According to the RestorePrivacy website, the threat actor abused the official LinkedIn API to download the data
“We reached out directly to the user who is posting the data up for sale on the hacking forum. He claims the data was obtained by exploiting the LinkedIn API to harvest information that people upload to the site.” reported RestorePrivacy.
Data available for sale exposes 700+ million people at risk of cybercriminal activities, including identity theft, phishing and social engineering attacks, and account hijacking.
(SecurityAffairs – hacking, LinkedIn)