Another day, another data leak – this time, LinkedIn users are the victims. It was reported that a massive amount of LinkedIn account data was put for sale online, containing 500 million user records which include information such as email addresses, phone numbers, gender, professional details and more.
In response, LinkedIn’s corporate communication team has since released a statement, “We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies.”
The leaked data doesn’t seem to contain any financial details or legal documents, and according to LinkedIn, “no private member account data from LinkedIn was included”. However, it doesn’t help that the “leaked” data was posted on a forum for hackers, with the threat actor reportedly looking to sell the stolen user database for at least a “four-digit $$$$ minimum price”.
CSA reached out to Acronis’ VP of Cyber Protection Research, Candid Wuest, regarding this incident and he said it is unfortunate that such incidents are no longer a surprise due to their rising frequency.
He related this to the recent data leak incident involving 500 million Facebook records – to which Facebook stated that it was caused by a bot abusing a vulnerability that was fixed in 2019. On LinkedIn’s breach, Candid said, “It is yet to be confirmed if the data was collected by a new scraping bot, if the attacker misused a vulnerability on the backend or if it contains data from previous LinkedIn breaches”.
When talking about the low selling price of the stolen data, Candid mentioned that it is of less value to attackers and won’t sell for much because it contains no payment card details or passwords. “However, it does contain valuable personal information (workplace info, email, social accounts links), which is why it’s not published for free”, he added.
Candid said it’s not uncommon to see such data sets being used to send personalised phishing emails, extort ransom or earn money on the dark web – especially now that many hackers target job seekers on LinkedIn with bogus job offers, infecting them with a backdoor Trojan. For example, he pointed out that such personalised phishing attacks with LinkedIn lures have been used recently by the Golden Chicken group.
There is now a higher risk of LinkedIn phishing and SMS spam, and password reset attacks and attacks against other services that use SMS for MFA are also more likely. As such, Candid advises users to beware of suspicious LinkedIn messages and to move away from SMS-based MFA where possible, especially for critical accounts.
Interestingly, over the weekend, there was also news about a similar incident with popular audio chat app, Clubhouse, only for it to be denied by the company’s CEO, Paul Davison. He said that reports of the leak were misleading and false, emphasising that “We were not hacked” and the “leak” may have actually been a data scrape of user information that’s readily available to the public – such as name, user ID, photo URL, social media handles, number of followers, etc.
This isn’t the first time that users have raised security concerns about the app. Their biggest grouses include how difficult it is to delete the app and have their data completely removed from the server, and how easy it is for others to access their private data.
Back in February, Clubhouse claimed that it had started taking action to strengthen security measures protecting users’ private data, after a group of researchers revealed that various user information could be accessed by the Chinese government.