Data of 500m LinkedIn users put up for sale on the Dark Web

If the leak of the personal information of 533 million Facebook users on a dark web forum wasn’t enough, detailed personal and professional information associated with 500 million LinkedIn profiles has been put up for sale on a popular dark web forum as well.

According to CyberNews, the massive chunk of LinkedIn profile information was allegedly scraped by hackers from LinkedIn itself and is stored in four files that have been put up for sale on a dark web forum for an undisclosed amount. To demonstrate that the data is genuine, hackers have leaked 2 million records as a proof-of-concept sample.

The compromised personal information includes users’ full names, email addresses, phone numbers, gender, links to LinkedIn profiles, LinkedIn IDs, links to other social media profiles, and professional titles and other work-related data. The massive data repository can enable opportunistic hackers to create detailed profiles of Internet users and carry out identity theft or targeted social engineering attacks.

“Particularly determined attackers can combine information found in the leaked files with other data breaches in order to create detailed profiles of their potential victims. With such information in hand, they can stage much more convincing phishing and social engineering attacks or even commit identity theft against the people whose information has been exposed on the hacker forum,” CyberNews said.

LinkedIn is yet to respond to the massive leak of user records, but this is the second time in a decade that the company has suffered a large-scale leak of user data records. The previous attack took place in 2012 when Yevgeniy Alexandrovich Nikulin, a Russian hacker, stole login information, including encrypted passwords, of over 117 million LinkedIn users.

After infiltrating the computer of a LinkedIn employee, Nikulin installed malware on the hijacked machine and used the employee’s stolen credentials to log in to LinkedIn’s corporate VPN. Once inside LinkedIn’s corporate network, Nikulin stole a database containing the login information, including encrypted passwords, of over 117 million LinkedIn users. He used a similar tactic to steal the login credentials of over 68 million Dropbox users as well as the credentials of an unknown number of Formspring users.

The LinkedIn data breach also compromised ‘private log-in details of 1,000 British MPs and parliamentary staff, 7,000 police employees, and more than 1,000 Foreign Office officials’ in the UK. In October last year, Nikulin was sentenced to 88 months in prison in the U.S., two years after he was arrested while traveling in the Czech Republic.

Copyright Lyonsdown Limited 2021
