A database containing the personal information of more than 500 million LinkedIn users has been found for sale on a popular hackers forum.
Privacy analysts are worried about the trove of data being published, which contains full names, email addresses and phone numbers of individuals, as well as their employers.
The published data was found by a reporter at Cyber News who noticed a post from a member of a hacker’s forum that claimed to have possession of personal information scraped from Linkedin’s platform.
Get ISO 27001 – Information Security – Certification With Best Practice
The poster provided a sample of two million profiles as proof of their collection, which they are setting for a “4 digital $$$$ minimum price.”
Users of the forum were able to check each of the four sample files provided by the original poster for around $2.
LinkedIn claims that it has just under 740 million active users on its platform.
The team at Cyber News has since confirmed the hacker’s claims, but have said that “it’s unclear whether the threat actor is selling up-to-date LinkedIn profiles, or if the data has been taken or aggregated from a previous breach suffered by LinkedIn or other companies.”
The trove of data that has been published does not include any credit card, financial or legal documents that could be used by hackers, but analysts warn that the mountain of personal information can be used just as effectively by a skilled hacker.
Authors of the report warn that “with such information in hand, [hackers] can stage much more convincing phishing and social engineering attacks or even commit identity theft against the people whose information has been exposed on the hacker forum.”
News of the publication of private information from LinkedIn users comes just two days after we reported that a seemingly identical trove of personal information of Facebook users was found online.
Facebook has since said that the data leak stemmed from an issue that has already been fixed, however analysts are still worried about the potential for identity theft and financial fraud attempts that hackers can launch with more accurate, personalised information.
Personal Information of 500 Million LinkedIn Users Found For Sale
What To Do If Your Linkedin Account was Hacked
Cyber News has provided a platform for the public to use and determine if their profiles have been implicated in the data leak. Similar to Troy Hunt’s ‘Have I Been Pwned’ service, users can enter their email address to determine if they have indeed been hacked.
From here, it’s essential that you change the password of your Linkedin account, as well as any accounts that use the same password; it’s best practice to always use different passwords across platforms and services.
The next step in the process of securing your account is to enable two-factor authentication for your Linkedin account, as well as any social media accounts that enable two-factor authentication.
This means that any new login attempt will require a txt message to be sent to your mobile phone number, making the job of hacking your account much more difficult for a hacker.
Finally, it’s important to monitor your messages and private account activity for anything that seems suspicious or unusual. If you’re suddenly receiving messages from strangers that look to be a scam, it’s likely that your account details have been compromised and posted online.
