A Hacker Is Selling the User Data of 500 Million LinkedIn Users Online

MakeUseOf

By Jessibelle Garcia

Published Apr 11, 2021

To prove that the data is real, the hacker posted the personal info of two million LinkedIn users to the online forum.

Sad to say, but it seems like as the coronavirus pandemic worsens, hacking becomes more common.

According to Verizon, personal data was involved in roughly half (58 percent) of cybersecurity breaches last year. Well, if early 2021 is an indication of what's to come, this year isn't going to see much better.

Yet another major social media platform has had a chunk of its userbase compromised.

Hacker Wants Four Figures for a Database of 500 Million LinkedIn Users

On April 6, Cybernews reported that an archive containing user data scraped from 500 million LinkedIn profiles had been posted to unnamed "popular hacking forum." And just in case you don't believe the records are legitimate, the post author also leaked two million records leaked as a proof-of-concept sample.

The data scraped from the LinkedIn profiles includes LinkedIn IDs, full names, professional titles, addresses, phone numbers, genders, and links to social media profiles.

To view the sample, it costs other forum users around $2 worth of forum credits. For the whole database, it seems the hacker is asking for thousands of dollars. "Also selling 500M profiles, PM [private message] me for 4 digit $$$$ minimum price," they write.

On April 8, a LinkedIn Pressroom post confirmed that the data being sold on this forum was not acquired through a data breach.

We have investigated (...) and have determined that it is actually an aggregation of data from a number of websites and companies. It does include publicly viewable member profile data that appears to have been scraped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.

At the time of writing, it's unclear whether the 200 million records are linked to Golden Chicken, the group of hackers reportedly sending fake job offers on LinkedIn.

Does LinkedIn Need to Tighten Its Security Too?

While it's a relief (sort of, anyway) that the user data shared to the forum is aggregated and not as a result of a recent LinkedIn breach, this might still be a sign that LinkedIn should better its security. A good recent example is Twitter, which now allows you to use multiple physical keys to login.

This unfortunate event mirrors the recent re-release of the 2019 Facebook hacked data that hit multiple outlets as a "new" leak. When the story first broke, people thought it was another security breach.

Additionally, you can see if your email address has been exposed in this data leak or other security breaches using Cybernews' free online personal data leak checker. The company claims that it searches for your address in a library of 15+ billion breached records.