A few days after data of 530 million Facebook users was leaked online, 500 million user records of LinkedIn users have met the same fate. The massive trove of LinkedIn account data includes full names, email addresses, phone numbers, links to other connected social media profiles, professional titles, and other LinkedIn users’ professional details.
CyberNews researchers reported the leak was posted to a forum popular with hackers by a user asking for a “four-digit minimum price” to access the complete database of stolen account information.
CyberNews researchers were able to confirm that the data contained in the sample was legitimate, but added that “It’s unclear whether the threat actor is selling up-to-date LinkedIn profiles, or if the data has been taken or aggregated from a previous breach suffered by LinkedIn or other companies.”
However, the lack of financial or identification documentation doesn’t mean the leaked data isn’t dangerous. “Particularly determined attackers can combine information found in the leaked files with other data breaches to create detailed profiles of their potential victims. With such information in hand, they can stage much more convincing phishing and social engineering attacks or even commit identity theft against the people whose information has been exposed on the hacker forum,” CyberNews said.
It’s not the first instance of LinkedIn data being breached, though.
LinkedIn describes itself as having nearly 740 million users; if the leaker selling this batch of stolen data is telling the truth, then it’s safe to assume anyone with a LinkedIn account could be among the 500 million leaked records. With that in mind, LinkedIn users should take precautions to protect their accounts and their data by changing LinkedIn account passwords and email account passwords associated with LinkedIn profiles.