Another batch of data has been found for sale online, this one containing over 500 million LinkedIn user records including email addresses, phone numbers, links to affiliate social media profiles and professional details. LinkedIn, a social media platform used primarily for business networking, boasts about 740 million users which is an attractive data pool for threat actors looking to cause major damage.
The data found online was, according to CyberNews researchers, claimed by the hacker on a popular hacking forum. The legitimacy of the data was proven by the hacker after posting 2 million data records for the price of $2 for users to check the data for a limited time, while also asking for a four digit sum in exchange for the entire data set. However, researchers are unsure if the data scraped from LinkedIn is in fact up-to-date information, and whether financial details and transactions of the users have been compromised. However, the researchers fear that with information such as personal details, email addresses and phone numbers, hackers can link all th ienformation together for a super phishing technique that could exploit social engineering tactics on the target victims.
How to protect your LinkedIn data
As LinkedIn works towards solving/patching up this issue, there are several steps experts urge users to undertake when faced with compromised accounts online. These include:
- Change LinkedIn and linked email passwords;
- Create strong, unique passwords and store them in password manager applications/services;
- Enable two-factor authentication (2FA);
- Be cautious of unknown people sending you connection requests and messages;
- Learn to identify phishing emails and text messages;
- Never open potential phishing emails directly from the email – navigate to the site manually to check its legitimacy; and
- Install anti-phishing and anti-malware software.
Undertaking these steps can help to mitigate and lower the impact or damages done by this data scrape.
For more information on staying secure online and handling the aftermath of breaches, contact us at Agilient for industry-leading cybersecurity services.
Author: David Steele, Agilient Consultant