How Hackers Are Selling Data Of Over 500 million LinkedIn Users Using Bitcoin

Social network giant LinkedIn is the next victim of a major personal data breach, after Facebook. According to information released by Cybernews, more than 500 million LinkedIn users are the latest victims of this massive leak. The data is being sold by hackers for $7,000 worth of bitcoin, says the same source, which updated the report on Friday to clarify it found a new list of databases created by another user on the same hacker forum.

“The new author claims to be in possession of both the original 500-million database, as well as six additional archives that allegedly include 327 million scraped LinkedIn profiles,” the report noted. 

“If true, this would put the overall number of scraped profiles at 827 million, exceeding LinkedIn’s actual user base of 740+ million by more than 10%. This means that some, if not most, of the new data sold by the threat actor might be either duplicate or outdated,” it added.

Here Is What You Need To Know

  • According to the source, personal information, such as email addresses, phone numbers, job details, full names, gender, account IDs, and connections to users’ other social media sites, was included in the leaked data, in addition to publicly viewable member profiles.
  • LinkedIn, the professional online social network created in 2002 and now owned by tech giant Microsoft, denied, however, that it was a hack. Instead, the company said the purported hacking activity related to an “aggregation of data from a number of websites and companies”.
  • In fact, according to the social network, it is “profile data made publicly visible which has been extracted”. 

“Data was not therefore stolen from users’ private accounts,” LinkedIn said. “No LinkedIn private member account data was included in what we were able to review.”

Auctioned For Bitcoin

The hackers responsible for this major leak, which represents a blow to the social network, also auctioned the database, starting from $1000 for no less than 500 million profiles. 

This database, which has been auctioned, may bring in a four-figure amount, depending on the expectations of hackers who want a settlement in bitcoin. The database consists of a cross-referencing of names, email addresses, telephone numbers, professional backgrounds and other information.

What Makes This So Concerning?

With the alleged hacking activity, LinkedIn users are now potentially at risk of targeted phishing attacks, spamming of 500 million emails and phone numbers, and brute-forcing of profile and email passwords. Harassment and the development of false identities using users’ personal details are examples of other events that may follow. 

Professional hackers can also mix the stolen information with other leaks to create a perfect false profile of their targeted victim.

Nevertheless, “the leaked files appear to only contain LinkedIn profile information — we did not find any deeply sensitive data like credit card details or legal documents in the sample posted by the threat actor,” CyberNews said in a statement.

“With that said, even an email address can be enough for a competent cybercriminal to cause real damage,” it added.

What Actionable Steps May Be Taken To Reduce The Chances Of Being A Victim? 

According to Tunisia’s National Computer Security Agency (ANSI) in a publication on its official page in response to the recent Facebook data breach:

“It is important to remember that the leak does not concern passwords or messaging. However, the leaked data can be used for phishing (phishing) or smishing (SMS spamming) attacks without forgetting the fact that this information can be sold and exploited for marketing companies.”

The agency also advised on actionable steps to take in case of a data breach.

“Today, it is impossible to delete the data that was leaked during this attack, but we can mitigate its impact and take preventive measures to improve the protection of personal data communicated to social networks,” it said.  

Therefore, ANSI recommends:

“Strengthening account security by opting for strong passwords consisting of 8 to 12 characters including numbers, letters and symbols. 

In addition, you should never let a third party or an application create your access settings.

Enable strong or two-factor authentication to deny access to the account even if the access settings have been compromised.

Configure the information communicated to social networks and limit yourself to basic information.

Optimize the protection of mobile devices and computers by installing an antivirus and keeping it up to date.”

Additionally, affected users should:

  • Not click on any links that seem to be dubious.
  • Not respond to suspicious emails or messages.
  • Not answer a call from an unknown phone number or return the call.

Charles Rapulu Udoh

Charles Rapulu Udoh is a Lagos-based lawyer who has advised startups across Africa on issues such as startup funding (venture capital, debt financing, private equity, angel investing, etc.), taxation, strategies, etc. He also has a special focus on the protection of businesses’ or brands’ intellectual property rights (such as trademark, patent or design) across Africa and other foreign jurisdictions.
He is well versed in issues of ESG (sustainability), media and entertainment law, corporate finance and governance.
He is also an award-winning writer.
