In a blow to businesspeople of all levels and industries, the career and business networking site LinkedIn confirmed that data “scraped” from approximately 500 million profiles has been archived by hackers and is being sold on the dark web. The site has approximately 675 million members, meaning that data from 74% of its entire network has been compromised.
According to Clare Duffy of CNN Business, “the sale of the data was first reported by cybersecurity news and research site CyberNews, which said that an archive including user IDs, names, email addresses, phone numbers, genders, professional titles and links to other social media profiles was being auctioned off on the forum for a four-figure sum.”
In its defense, LinkedIn has maintained that the database of accounts offered up for sale on the dark web “is actually an aggregation of data from a number of websites and companies” — information that members publicly listed on their profiles.
“This is not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review,” the company reported.
While this kind of data is less sensitive than financial records like credit card numbers, banking account details or social security numbers, experts say that it still presents a safety risk for individuals and could be used to help infiltrate email accounts and other higher-risk areas of a person’s digital footprint. Personal phone numbers, for example, can easily be exploited for robocalls and other common telemarketing scams.
“Social media companies have tools in place aimed at preventing scrapers — LinkedIn on its terms page details ‘technical measures and defenses’ against such abuse — but they don’t always work,” Duffy reported. “The company said that ‘any misuse of our members’ data, such as scraping’ violates its terms of service, which prohibit third-party software, bots, browser extensions or plug-ins that scrape data from the site.”
“When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable,” LinkedIn warned in its statement.
“The company did not immediately respond to a request for comment about whether it will alert users whose data was scraped and is included in the database for sale,” Duffy reported.
News of the LinkedIn hack comes just days after a different social media scandal broke. On April 5, Facebook revealed that it had suffered a similar attack, with personal data — including phone numbers, birthdays, email addresses and more — from 500 million users being scraped from public profiles and offered up for sale on the web.
Authorities haven’t confirmed whether the attacks are related. Both are currently under investigation by a number of different federal agencies.