Alleged LinkedIn data for sale is scraped, not breached

The world’s largest professional network LinkedIn has investigated the alleged dataset of its user information that has been posted for sale online in June 2021, clarifying that this is not a data breach and no private member information was exposed.

Reportedly the second massive LinkedIn data breach this year following a similar incident in April, a total of 700 million records dated 2021 were advertised for sale by a user of a popular hacker forum on June 22.

The user posted a sample of the alleged LinkedIn data containing 1 million users. This contains information such as email addresses, full names, phone numbers, residential addresses, geolocation records, username, profile URL, personal and professional experience and background, gender, and linked social media accounts.

If the claim is true, the compromised data would affect around 92% of 756 million members in more than 200 countries and territories worldwide.

Based on LinkedIn’s initial investigation, the data was scraped from the network and other various websites. It also includes the same data reported earlier this year in LinkedIn’s April 2021 scraping update. (Read: Ransomware, data breach, cyberattack: What do they have to do with your personal information, and how worried should you be?)

The data compromised in April was determined to be an aggregation of data from a number of websites and companies. This includes publically viewable member profile data that appears to have been scraped from LinkedIn.

Likewise, the social network said back then that it was not technically a data breach since no private member account data was included in their review.

“Members trust LinkedIn with their data, and any misuse of our members’ data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable,” LinkedIn said in an official statement following the June 2021 incident.

According to privacy and security resource center RestorePrivacy, which reached out to the user who posted the LinkedIn data for sale, the data was claimed to have been obtained by misusing the LinkedIn API to harvest information uploaded to the website. LinkedIn explained that not all of the data could have been acquired through the said API, with some likely coming from other sources.

LinkedIn users have since been warned against potential threats such as hacking, identity theft, phishing, and social engineering attacks in light of the scraped data. They are advised to secure their accounts by updating passwords for LinkedIn and other online accounts, as well as enabling two-factor authentication. Other precautionary measures include a password manager, virtual private network (VPN), antivirus software, and encrypted email services.

Moreover, online users can check whether their email address or telephone number has been involved in any data breach by visiting Have I Been Pwned..

If you like reading our content, why not show your appreciation by treating us to a cup of coffee? (or two, if you’re feeling generous)