700 Million User Records Scraped From LinkedIn Are For Sale Online And It's Not Pretty
If you have been on the internet for any length of time, there is a pretty good chance that at least some of your personal information is out there in a database. However, if you happen to use LinkedIn, those odds have now gone up significantly. Some malicious people have managed to scrape information like phone numbers and emails for millions of accounts from the business networking site and are now selling it online.
On June 22nd, "GOD USER" TomLiner posted to popular hacking and leak trading site RaidForums, explaining that he had collected 700 million LinkedIn records from this year. These records have been verified to include full user names, birthdays, social media handles, email addresses, job titles, estimated salary, location and much more. He also provided a 1M record sample and his Telegram contact info to work out a deal with any interested parties.
It appears, however, that TomLiner is not the only person who managed to scrape data from LinkedIn, as several other similar posts are offering LinkedIn records. It is unknown, though, if these are included in this new dump of 700 million records by TomLiner, but it is a major privacy concern either way.
In any event, Madeleine Hodson at Privacy Sharks reached out to LinkedIn after finding this data, and the company replied with the following official statement:
"While we're still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members' privacy is protected."
Interestingly, we found that TomLiner has offered up LinkedIn data in the past, such as a whopping one billion LinkedIn record data dump. Thus, whether TomLiner is piecemealing out LinkedIn data remains to be seen, but it should be concerning no matter what. Furthermore, this is a cold reminder that LinkedIn needs to batten down the hatches and ensure user data is secure, as it is very hard to scrub the web of your name, phone number, and other relatively private information once it is exposed. Finally, it's surprising that LinkedIn's parent company, Microsoft, didn't have better housekeeping practices in this situation.
It's quite the wake-up call for MSFT, which as of late has been flexing its security watchdog muscles at any opportunity. Not a good look.