LinkedIn Data Leak - What We Can Do About It

1
LinkedIn Data Leak 3 Years Later, What We Can
Do About It
https//cybernewslive.com/
2
Summary In June 2021, a hacker known as
TomLiner advertised the information of 700
million LinkedIn users for sale on a darknet
forum, constituting a significant portion of its
user base. This followed a similar incident in
April 2021 where 500 million LinkedIn records
were offered by the same seller. A verified
sample of 1 million users was released, revealing
details such as email addresses, names, phone
numbers, and more, excluding passwords and credit
card information. The breach resulted from the
misuse of LinkedIns API, raising potential
security risks for users. LinkedIn, claiming it
was a result of data scraping, not a breach, has
implemented corrective measures. However, users
are warned of potential social engineering
attempts. LinkedIn users should stay vigilant for
email scams, especially phishing attempts, and
change passwords if compromise is suspected. The
incident was reported to police enforcement.
3
Businesses utilising LinkedIn should notify
staff, promote password changes, and educate them
on data hygiene. Robust spam controls and
employee training to identify phishing are
critical. Companies should avoid assisting stolen
data dealers while emphasising ethical business
practices. The LinkedIn data leak emphasises the
necessity of individual and business awareness in
the face of cyber security threats, as well as
proactive actions and ethical considerations in
the world of technology. The LinkedIn data leak
has raised serious worries about the security of
user information on the popular professional
networking platform. With a hacker advertising
the data of roughly 700 million LinkedIn users,
accounting for an estimated 90 of its user base,
the scope of this issue highlights the necessity
for prompt attention and proactive steps.
4
A LinkedIn breach has the potential to expose
sensitive information, emphasising the need to
appropriately deal with the aftermath. In this
setting, recognising what steps can be taken is
critical for both individuals and organisations
to protect themselves from potential hazards.
This article explores the ramifications of the
LinkedIn data leak and offers suggestions for
mitigating its impact on user privacy and
internet security.
5
What Occurred?
In June 2021, a hacker using the alias TomLiner
openly offered for sale, on a darknet forum,
information belonging to 700 million LinkedIn
users roughly 90 of its entire user base! The
asking price for this data is 5,000. If proven
authentic, this incident would stand as the most
extensive LinkedIn data leak on record.
Interestingly, the same seller was responsible
for advertising 500 million LinkedIn records for
sale in April 2021. Subsequently, a sample of 1
million users was released on the dark web,
verified as legitimate, and confirmed to
correspond to actual LinkedIn users. The data
appears to be current, spanning from 2020 to 2021.
6
How Did It Occur?
Recently, a third party exploited LinkedIns API
(Application Programming Interface) to illicitly
access the personal data of millions of users.
This misuse of the API poses potential security
risks for individuals and businesses relying on
LinkedIn for professional connections. LinkedIn
has asserted that corrective measures have been
implemented. In addressing this latest data leak,
LinkedIn maintains that it resulted from data
scraping and aggregation from various sources,
emphasizing that it was not a data breach.
According to their statement, no private LinkedIn
member data was exposed rather, this data leak
was a compilation from multiple websites,
companies, and publicly viewable member profile
data.
7
What Information Was Compromised?
Within the disclosed sample of 1 million entries,
various details were exposed, including email
addresses, full names, phone numbers, physical
addresses, geo-location records, LinkedIn user
profiles, personal and professional backgrounds,
gender, and other social media account usernames.
Importantly, the data being offered for sale did
not include passwords or credit card
details. Nevertheless, users are cautioned about
the potential for an elevated risk of social
engineering attempts. The leaked LinkedIn contact
details could be exploited in phishing and
identity theft attacks. This is particularly
concerning for individuals who have accounts on
multiple platforms like Facebook and Twitter,
where they share personal information. Cyber
criminals could leverage this data to create fake
LinkedIn accounts or gain unauthorized access to
other accounts. Stay vigilant and be mindful of
potential risks associated with this exposure.
8
What Comes Next?
Given the extensive scope of the data leak,
LinkedIn users should exercise heightened
vigilance against potential email scams,
particularly phishing attempts that may mimic
legitimate LinkedIn communications. In case of
any indications of possible account compromise,
users are strongly advised to promptly change
their passwords. LinkedIn is likely already
aware of suspicious accounts attempting to
exploit the leaked data. The platform recommends
users to actively monitor their LinkedIn email
addresses for any signs of suspicious activity.
Additionally, LinkedIn has reported the incident
to law enforcement authorities and expressed a
willingness to collaborate in further
investigations. However, the platform has not
disclosed specifics on how or why the leak
occurred.
9
Businesses leveraging LinkedIn for networking
should formulate strategies to address the
repercussions of the data leak. With LinkedIn
users spanning various positions and companies,
organisations must be mindful of potential
impacts on their daily operations. LinkedIn
itself may face repercussions as a result of this
incident. Beyond scrutiny from various quarters,
the platform could experience a decline in new
account sign-ups in the future. The fallout from
the leak underscores the need for both individual
users and businesses to remain cautious and
proactive in navigating the aftermath of this
security breach.
10
How Companies Can Respond
In light of the LinkedIn data leak, companies
utilizing this widely used platform should
promptly alert their employees to the situation.
Companies must advise their staff members to
review and update their LinkedIn passwords and
consider doing the same for other online accounts
that share the same password. Moreover, companies
play a pivotal role in educating employees on
effective data hygiene and privacy practices,
empowering them to safeguard against potential
future data breaches.
11
Beyond raising awareness, companies should
implement more robust spam controls and provide
training to employees to recognize social
engineering and phishing campaigns. Information
security awareness tools, such as Phishing Quiz
with Google (https//phishingquiz.withgoogle.com),
serve as valuable resources in this context. For
a more comprehensive approach, solutions like
KnowBe4, offering information security awareness
training, can enhance employees understanding of
how hackers target workplace data. Lastly,
companies must refrain from supporting or
engaging with sellers of stolen data. The
purchase of such data should be avoided as part
of ethical business practices. A proactive and
informed approach on the part of companies is
essential in mitigating the potential risks
associated with the LinkedIn data leak and
promoting a secure digital environment for both
employees and the organisation.
12
How do Regular LinkedIn Users Respond?
LinkedIn users must maintain heightened vigilance
regarding potential online threats. Ensure the
security of your LinkedIn account by using a
robust password and activating two-factor
authentication (2FA) for an added layer of
protection. This practice is not only applicable
to LinkedIn but should also be extended to other
online accounts. Additionally, exercise caution
when installing browser extensions or any
unverified applications on your computer.
13
Take proactive measures to assess whether your
email address or phone number has been
compromised. Utilize websites like Have I Been
Pwned, accessible at https//haveibeenpwned.com/,
to check for potential data breaches. Stay
vigilant and actively work to minimize the
potential impact on your online accounts.
Exercise discretion before uploading or sharing
personal information online, operating under the
assumption that it may be exposed publicly. By
adopting these precautions, LinkedIn users can
enhance their overall online security posture in
response to the data leak.
14
In conclusion
The LinkedIn data leak serves as a stark reminder
of the ever-present cyber security challenges
individuals and organisations face in an
increasingly interconnected digital landscape. As
users grapple with potential threats arising from
the exposure of personal information, swift and
decisive actions are imperative. Vigilance,
coupled with proactive steps such as updating
passwords, enabling two-factor authentication,
and heightening awareness of social engineering
tactics, can contribute to fortifying online
defences. Organisations, must play a pivotal role
in educating employees, implementing stringent
security measures, and refraining from engaging
with stolen data sellers. By collectively
prioritizing cyber security practices, users and
companies alike can navigate the aftermath of the
LinkedIn data leak with resilience and a
commitment to reinforcing data protection
standards in an ever-evolving online environment.
15
CTA
Learn How to Safeguard Against the LinkedIn Data
Leak. Stay Informed and Take Action Now! Watch
Cyber News Live for Essential Insights and
Practical Tips.
16
THANK YOU!
Website
https//cybernewslive.com/
Phone Number
1 571 446 8874
Email Address
contact_at_cybernewslive.com