27 Apr Reported LinkedIn Data Breach: What You Need to Know
April 27, 2021
Just upon the heels of the Facebook Data Breach comes a recent report regarding scraped data of 500 million LinkedIn users being sold online on a popular hacker forum. It was mentioned that 2 million of these records were leaked as samples that contained professional-identifying information, such as full names, email addresses, phone numbers, workplace information, and other work-related data. Users from the hacker forum can view these leaked samples for $2 worth of forum credits, while the much larger 500-million user database was being auctioned for at least a 4-digit sum, likely in bitcoin.
This got the attention of another threat actor who piggybacked on this leak as a new collection of the LinkedIn database has been listed for sale ($7,000 worth of bitcoin) on the same hacker forum. This other user claims to have both the original 500-million database and six additional archives that allegedly include an additional 327 million scraped LinkedIn profiles.
However, given that LinkedIn has an actual user base of 740+ million, the claimed number of scraped profiles exceeds by more than 10%. This could mean some of the new data being sold by this other threat actor probably were either duplicates or outdated.
Meanwhile, LinkedIn made a statement, “This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.”
What You Should Know
Leaked information can be used to instigate malicious attacks, such as:
- Targeted phishing attacks.
- Brute-forcing the passwords and email addresses of compromised online accounts.
- SIM swap attacks, which use phone numbers to access multi-factor authentication codes.
- Smishing attacks, which also use phone numbers to text and induce individuals to reveal personal identifying information, which can be used to answer security questions and get into accounts, such as passwords, birth dates, or credit card numbers. Use Trend Micro Check to detect suspicious links ahead!
- Possible job scams. Please beware that scammers may offer fake job opportunities or even ask you to pay an “advance fee” for those jobs.
- Lastly, identity theft on the people whose information was exposed by a combination of the above-mentioned attacks.
Check If Your Information Was Leaked
Use Trend Micro ID Security to find out if your information was leaked in a data breach. It can monitor your identifying data and alert you if any of them has been compromised.
Trend Micro ID Security includes:
- Email Checker: Monitors whether your email account has been involved in a breach
- Credit Card Checker: Finds out if someone has stolen your credit card number due to a breach
- Password Checker: Verifies if you have used a password currently in circulation on the Dark Web
- Dark Web Personal Data Monitor: Scours the Dark Web for sensitive personal data like information of your bank account numbers, driver’s license data, social security number, and passport details