LinkedIn is leaking again. A massive data breach is affecting some 700 million users, more than 90 percent of the network’s overall user base. The entire collection of data is up for sale on the dark web, including phone numbers, physical addresses, geolocation data, and even inferred salaries. A hacker used the LinkedIn API to download the data, which has now been posted on various dark web forums for sale.
The report claims the LinkedIn data is legit: authentic, tied to real users, and up to date. All of that data could be used to carry out a number of unsavory attacks, ranging from coordinated phishing scams to all-out identity theft.
This is by far the largest LinkedIn hack ever, if all 700 million records are real. It’s nothing short of damning for LinkedIn, especially given that it’s the same method used months ago in another hack.
Hacks are essentially unavoidable in 2021. The internet is progressing at such a rapid pace that even the most high-profile internet infrastructure can be swiftly compromised with the right tools in hand.
This LinkedIn hack should have been particularly avoidable, given that it is LinkedIn’s own API that allowed this breach to happen. The April LinkedIn data leak could be (somewhat) excused; perhaps the company did not fully understand the problems with its API that led to the initial attack. At the time, LinkedIn released a short statement:
Any misuse of our members’ data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable.
In typical corporate fashion, this angle pushes the responsibility off of LinkedIn and onto the attacker(s). LinkedIn did not want to hold itself at all culpable for the data scraped from its site. Now it’s happened again, with more personal data, because LinkedIn failed to improve its API’s security after the first attack.
We can only hope LinkedIn takes this new attack more seriously than it did the April leak. We’ve reached out to LinkedIn for comment and will update our story accordingly.