LinkedIn has now reportedly exposed the data of around 700 million of its users.
LinkedIn has experienced the second massive data breach this year that has now reportedly exposed the data of around 700 million of its users. The breached data includes online and physical addresses, geolocation records as well as inferred salaries of the users and is now up for sale on the dark web.
It is being reported that the data breach affected more than 92 per cent of all LinkedIn users. Recently, it came to light as a user of a popular hacker forum online posted an advertisement for the data from 700 million LinkedIn users on June 22.
What was the information for?
The user tried to sell the information online, and for this, he/ she also posted a sample of the data breach. Data of a total of 1 million LinkedIn users are contained within the sample, as confirmed in a report by RestorePrivacy.
A recent report by the publication confirms that the data advertised by the hacker “is both genuine and up-to-date,” with data points dating from 2020 to 2021. The report further mentions that the breached data contains a plethora of information. Some of this includes users’ full names, email addresses, phone numbers, physical addresses as well as geolocation records.
What kind of information was shared?
Other such leaked data points include LinkedIn username and profile URL, personal and professional background, and even the mentions of users’ other social media accounts and usernames.
RestorePrivacy also reports that the hacker got hold of the data by exploiting the LinkedIn API. The vulnerability allowed the hacker to harvest the information that people upload to the site.
What’s the risk?
Although no passwords have been leaked in the data breach, the data points are still very valuable, as these can further be used in online phishing attempts that imitate someone else.
This is the second such breach of its kind, compromising the data of LinkedIn users. Data of around 500 million was stolen through the very same vulnerability from LinkedIn earlier in April. At the time, LinkedIn acknowledged the data breach, stating that the breach involved publicly viewable profile data that scraped from Linkedin.
Though the recent data breach is on the same lines and makes use of the same vulnerability, the company is yet to issue a statement on the mishap.