In what has become a common occurrence for large companies in 20201, LinkedIn, a popular business and employment service, suffered a massive data release that compromised the information of 700 million users.
The incident occurred in late June 2021, and the full scope of the hackers’ activity is becoming clearer by the day.
The LinkedIn “hack” was first mentioned on June 22, 2021. It was first revealed during a post on a hacker forum, RaidForums. On that site, a poster claimed to have the personal information of 700 million LinkedIn users for sale, and the individual leaked one million accounts’ data as proof.
LinkedIn has assured users that no member data was exposed. Rather, individuals “scraped” the full names, email addresses, genders, phone numbers, and industry information from hundreds of millions of users.
Scraping data, harvesting information from a website for use by others, is a hot topic in the world of online businesses. A previous ruling by the 9th US Circuit Court of Appeals ruled that scraping data is legal, but that ruling is being challenged once again. At the very least, data scraping is against LinkedIn terms of service.
Scraping data can yield valuable, actionable information to hackers that want to engage in phishing, social engineering, and brute force attacks that could lead to actual hacks and data breaches.
This Is Not the First Occurrence
The news of the latest LinkedIn incident comes on the heels of many other data breaches that have occurred in 2021. The highly-publicized Colonial Pipeline hack along with the JBS food processor breach represent two of the most massive incursions in recent months, and many others have occurred.
Among the previous incidents was another data scraping incident at LinkedIn that took place back in April. That event compromised the information of 500 million users and resulted in a government inquiry into the company’s operations.
During that event, two million user records were leaked as proof of the successful data scraping, but it is unknown whether that information was used in further hacks.
What Does This Mean for LinkedIn Users?
Individuals that use LinkedIn and had their information leaked should consider themselves prime targets for an actual hack. A person’s email address, phone number, name, and employer are more than enough for a hacker to start trying to get into a person’s other accounts.
Users that have had information leaked need to start changing passwords and securing their accounts. Increase the security of your email along with any accounts associated with that email address. Double-check to make certain you have not used the same login data for your LinkedIn and another website as well.
Business owners that have suffered from this incursion should consider changing their login information to LinkedIn and other accounts associated with the email used to sign up. Moreover, this should serve as a reminder to consistently update your company’s security protocols and consult with third-party support if you lack the capabilities to keep your business ahead of the curve.
The LinkedIn information dump is one on a long list of data leaks and hacks in 2021, but this one has great potential to affect the lives of regular people. It is imperative to see if your data or that of your business was leaked. If your information did find its way onto the web, then you must act swiftly to prevent a more severe hack in the future.
For more cybersecurity news and tips tune in weekly to our blog so you don't miss out!