[BreachExchange] Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Tue Jun 29 10:31:05 EDT 2021


https://threatpost.com/data-700m-linkedin-users-cyber-underground/167362/

A new posting with 700 million LinkedIn records has appeared on a popular
hacker forum, according to researchers.

Analysts from Privacy Sharks stumbled across the data put up for sale on
RaidForums by a hacker calling himself “GOD User TomLiner.” The
advertisement, posted June 22, claims that 700 million records are included
in the cache, and included a sample of 1 million records as “proof.”

Privacy Sharks examined the free sample and saw that the records include
full names, gender, email addresses, phone numbers and industry
information. It’s unclear what the origin of the data is – but the scraping
of public profiles is a likely source. That was the engine behind the
collection of 500 million LinkedIn records that went up for sale in April.
It contained an “aggregation of data from a number of websites and
companies” as well as “publicly viewable member profile data,” LinkedIn said
at the time.

According to LinkedIn, no breach of its networks has occurred this time,
either:

“While we’re still investigating this issue, our initial analysis indicates
that the dataset includes information scraped from LinkedIn as well as
information obtained from other sources,” according to the company’s press
statement. “This was not a LinkedIn data breach and our investigation has
determined that no private LinkedIn member data was exposed. Scraping data
from LinkedIn is a violation of our Terms of Service and we are constantly
working to ensure our members’ privacy is protected.”

“This time around, we cannot be sure whether or not the records are a
cumulation of data from previous breaches and public profiles, or whether
the information is from private accounts,” according to Privacy Sharks’
blog post, published Monday. “We employ a strict policy of not supporting
sellers of stolen data and, therefore, have not purchased the leaked list
to verify all of the records.”

There are 200 million more records available in the collection this time
around, so it’s probable that new data has been scraped and that it’s more
than a rehash of the previous group of records, researchers added.

Security Ramifications of Data-Scraping

The good news is that credit-card data, private message contents and other
sensitive information are not part of the incident, according to Privacy
Sharks’ analysis. That’s not to say there aren’t serious security
implications, though.

“The leaked information poses a threat to affected LinkedIn users,”
according to Privacy Sharks. “With details such as email addresses and
phone numbers made available to buyers online, LinkedIn individuals could
become the target of spam campaigns, or worse still, victims of identity
theft.”

It added, “expert hackers may still be able to track down sensitive data
through just an email address. LinkedIn users could also be on the
receiving end of email or telephone scams that trick them into sharing
sensitive credentials or transferring large amounts of money.”

Then there are brute-force attacks to be concerned about: “Using email
addresses provided in the records, hackers may attempt to access users’
accounts using various combinations of common password characters,”
researchers warned.

And finally, the data could be a social-engineering goldmine. Sure,
attackers could simply visit public profiles to target someone, but having
so many records in one place could make it possible to automate targeted
attacks using information about users’ jobs and gender, among other details.

“It is not uncommon to see such data sets being used to send personalized
phishing emails, extort ransom or earn money on the Dark Web – especially
now that many hackers target job seekers on LinkedIn with bogus job offers,
infecting them with a backdoor trojan,” Candid Wuest, Acronis vice
president of cyber-protection research, said via email at the time of the
first data-scraping incident. “For example, such personalized phishing
attacks with LinkedIn lures were used by the Golden Chickens group.”

Users should secure their LinkedIn accounts by updating passwords and
enabling two-factor authentication.