700m LinkedIn records up for sale on underground hacking forum
User data appears to be scraped from LinkedIn and other sources
The records of 700m LinkedIn users are being sold online on a popular hacking forum just two months after the data of 500m users of the business-focused social network was sold off in a similar way.
According to a new report from the VPN review site PrivacySharks, a cybercriminal going by the handle “GOD User Tom Liner” recently posted on the hacking forum RaidForums to announce that they were in possession of 700m records.
In order to prove these claims, they provided a sample of 1m records which PrivacySharks' researchers analyzed for authenticity to discover that they contained a wealth of personal information including full names, gender, email addresses, phone numbers and industry information.
- We've assembled a list of the best cloud storage services
- These are the best cloud databases on the market
- Also check out our roundup of the best cloud backup
During the data leak that occurred back in April of this year, LinkedIn confirmed in a statement that the user records for sale online were collected from a number of websites and companies as well as from publicly viewable member profile data. As a result, it wasn't actually a data breach as no data had been stolen from the company but instead was scraped from other sources.
Scraped data
Just like with the previous data leak, it turns out that the 700m LinkedIn records being sold online were collected from previous leaks. However, as PrivacySharks does not support sellers of stolen data, its researchers were unable to verify all of the records.
In a statement to PrivacySharks, corporate communications manager at LinkedIn, Leona Spilman provided further insight on the origins of this latest collection of stolen user records, saying:
“While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.”
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
LinkedIn users whose personal information is included in this latest data leak could become the target of spam campaigns or possibly even victims of identity theft. For this reason, it is recommended that affected users change their passwords immediately and use a password manager to generate new passwords that are strong, complex and unique.
- We've also featured the best data loss prevention
Via PrivacySharks
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.