While people are yet to digest the huge Facebook data leak of 533 million users, Microsoft-owned professional networking platform LinkedIn is now facing a massive data leak of 500 million users that is allegedly being sold online.
According to a report by LinkedIn, there is an archive of 500 million profiles that have been scraped from the site and put up for sale. The report added that another 2 million records have been leaked as a proof-of-concept sample for the 500 million profile archive. The leaked information includes the full names, email addresses, phone numbers, and genders of LinkedIn members. The hacker has set a price of around $2 to view the leaked sample of 2 million profiles. For the 500 million profiles, the hacker has asked for a 4-digit amount, which is expected to be paid in Bitcoin.
LinkedIn said in a statement on Thursday that it has “investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies. It does include publicly viewable member profile data that appears to have been scraped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.”
The company added that data scraping violates its terms of service, and that it will work on holding the person responsible to account. Facebook’s data leak was also the result of data scraping and not a hack, the company had said in a blog post.
Moreover, with job cuts due to the Covid pandemic, job seekers are being lured by hackers. The hacker group studies a user’s LinkedIn profile and creates a lucrative job offer tailored to it. For instance, if the victim is a current or former ‘Senior Account Executive’ at an ‘International Freight’ company, the fake job posting will offer a similar executive position but with a better salary.
Once the user receives the mail, he/she is asked to open a malware-laced .zip file to see the job description and employment application. Once the file is opened, malware dubbed ‘more_eggs’, which is capable of fooling the anti-virus on the system, is discreetly installed on the device (phone/PC) without the victim’s knowledge. The hackers can then gain full control over the device and even install malicious plugins, ransomware, credential stealers, banking malware, and more.