Microsoft’s workplace social networking site LinkedIn is suspected of a data breach, and the data of up to 500 million registered users of LinkedIn has been publicly leaked.
Related databases are currently being sold on underground hacker forums. After preliminary verification by foreign security companies, they have confirmed that the information is valid.
The leaked data contains a variety of fields, such as work email, industry, public relations and correspondence address, job information, mobile phone number, and related bound account numbers.
LinkedIn currently has only 740 million registered users, which means that more than two-thirds of user data has been leaked, and hackers provide 2 million pieces of data as verification when selling data.
What needs to be emphasized is that LinkedIn has had data breaches before. Therefore, although security companies have confirmed that the data is valid after comparison, the incident is not yet clear.
That is, when was the specific time of the data leakage? After all, underground hacker forums often appeared in the integration of old data and sold them at high prices, pretending to be new data.
The security company said that it has not been able to determine the time of the data breach, but the information may be old data, but even old data may cause serious security problems.
Because these data contain more sensitive information, they may be used for phishing and scams, especially when telecommuting increases during the coronavirus epidemic, phishing attacks are more frequent.
It is worth noting that although this batch of data contains a variety of data fields, many of the contents are empty. For example, user mailboxes and mobile phone numbers have only a small part.
After the report was reported, LinkedIn also promptly issued a security bulletin to explain the matter. LinkedIn stated that the data was valid but it was not a security issue with the company.
The data released by hackers looks very much like aggregated data, including public data scraped from LinkedIn and data collected by other websites or companies to integrate.
LinkedIn users usually disclose their learning and work experience, such as the company they are currently employed for, but such things as work email and mobile phone numbers will not be publicly released.
This coincides with a large number of blank fields in the database, so it is indeed possible that this is just the public information of LinkedIn members that hackers use automated tools to grab.
Since it is public information, the potential impact will be very low, but LinkedIn also emphasizes that unauthorized crawling of its member information is a violation of regulations and will therefore be investigated.