Attackers use the same APIs that power web and mobile applications to extract the data. Isbitski adds, "We see many cases of content scraping attacks against organizations where data that is considered public or limited use suddenly becomes privacy impacting when it is pieced together or represents a significant chunk of the total user base. On the severity spectrum of leaks, this is relatively lower since much of the data could likely be gathered through traditional reconnaissance techniques like internet searches and querying social media platforms." LinkedIn has stated that the data is not the result of a breach. It also appears to have been scraped from other sites in addition to LinkedIn public user profile information. Similar to the recent Facebook leak, some of the data may be older. These are forms of PII, and the exposure of such data certainly results in privacy impacts. Michael Isbitski, Technical Evangelist at Salt Security, explains, "It was confirmed that the leaked LinkedIn data set contains member IDs, full names, email addresses, phone numbers, genders, job titles, workplace information, and potentially other identifying data. This means that some, if not most, of the new data sold by the threat actor might be either duplicate or outdated." If true, CyberNews says, "this would put the overall number of scraped profiles at 827 million, exceeding LinkedIn’s actual user base of 740+ million by more than 10%. The threat actor claims he has obtained the original 500-million database and six other archives that purportedly include 327 million scraped LinkedIn profiles. A new collection of databases was put on sale on the same cybercriminal forum by another user, for $7,000 worth of bitcoin. Other threat actors are looking to profit from this data leak. LinkedIn later confirmed that the data for sale was not acquired as a result of a data breach and is an aggregation of data from a number of websites and companies.
CyberNews was able to confirm this claim by looking at the samples provided on the hacker forum. The threat actor claimed the data was scraped from LinkedIn. If you're changing your password but don't want to have to rely on writing it down or memorizing it, check out our favorite password managers, which can help you stay on top of all your various account information, under tight security. Users on the forum could view the leaked samples for about $2 worth of forum credits and the threat actor was auctioning the 500 million user database for at least a 4-digit sum. While this hack is unfortunate, what's happened has happened, so all you can do is stay vigilant and try to reduce the damage it does to your daily life. Many times, lists of harvested emails and phone numbers will be sold to spam companies, so it's possible that if you're a victim of this leak, you'll be receiving a couple of odd calls from someone posing as the IRS or something. Secondly, be wary of any strange calls or emails you get over the coming month. While some things can't be easily changed, like your phone number or address, things like usernames and passwords can be changed within five minutes, and can make sure you don't fall victim to a more targeted attack in the near future. 92% of users is practically the entire website, so odds are, you're a victim. Change what you can to make sure that the leaked data is obsolete. Short of the company (in this case LinkedIn) paying ransom for the leaked data to be destroyed, there's not much anyone can do to stop bad things from happening. But what measures can you take to minimize the damage? Firstly, if you have a LinkedIn account, you need to assume you were hit by this hack. The worst part about leaks like this is that once it's done, it's done.