For all of the jokes that the internet makes at the expense of LinkedIn, it’s still one of the best ways to quickly and easily share your resume with employers and connect with people across your industry. Of course, there are other reasons that LinkedIn actually deserves our ire, such as leaking personal information. Unfortunately, a new LinkedIn data leak has been reported.
According to RestoreSecurity, a recent data leak gave a hacker access to data from 700 million user accounts on LinkedIn. The website claims that 756 million members have joined the social network, so that means that over 90% of all LinkedIn accounts have been affected by this attack.
What’s inside the LinkedIn data leak?
RestorePrivacy reports the hacker is on a popular dark web forum attempting to sell a database of 700 million LinkedIn records. The hacker published a free sample of one million records to entice potential buyers. The records contain a plethora of information: Full names, email addresses, phone numbers, physical addresses, work experience details, and other social media accounts.
The team at RestorePrivacy analyzed and cross-checked data from the sample with publicly available data to determine that it is actually authentic. The team also found that much of the data is current. Much of the information was updated on user profiles as recently as 2020 or even 2021.
The hacker selling the leaked LinkedIn data wasn’t shy about revealing his methods for obtaining the data. He tells RestorePrivacy that he exploited the LinkedIn API to harvest data from the site. At the time of writing, the massive trove of LinkedIn records is still up for sale on the forum.
Here’s what LinkedIn had to say about the massive leak when reached for comment:
While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.
No private data was contained in the LinkedIn data leak, according to the company’s claims. But that’s cold comfort for the affected users. Even if the data was publicly available, it shouldn’t be this easy to scrape it all from the site.