That's 8 million more since June 2021
An enhanced data set of 708 million users has again been scraped from LinkedIn and made available on a leaked server; that's 8 million more. The server was shut down soon after Dynarisk contacted the hosting company. A large percentage of the email addresses are new and come from the same sources that LinkedIn had previously established as the source of a data leak in the firm's April '21 findings. A sample is below.
Worryingly, the latest leak contains much more user data.
The types of data vary and include employment history, telephone number, address, geo-location, email and other personal information. The additional data has increased the total size of archived data leaked since June '21 by 0.2 Terabytes, to 1.7 Terabytes. In sympathy and fairness to LinkedIn, it is clear that the additional leaked data is being enriched from various other sources. This means that LinkedIn cannot easily prevent the scraping of data that is then enhanced by other data sets.
In conclusion, whilst it may appear that LinkedIn is the primary source of this data, upon deeper inspection it is apparent that only some of the new additional data is sourced from the firm itself, with the bulk of the new data derived from other sources which interact with LinkedIn.
This is a key aspect to note in this scenario, but if in any doubt, simply change your password.
“Unauthorised scraping is against our policies and every day teams at LinkedIn work hard to keep our members and their information safe. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable.
In April 2021, we investigated a set of data that was aggregated from various sources, including information scraped from public LinkedIn pages and various other websites.
Since then, when that same set of information has surfaced we’ve taken action and kept our members updated as needed. We want to be clear that in every case our investigators have found that none of our members’ private data was exposed or hacked.”
What To Do If Targeted
Although password and email address pairs are not the primary elements of this new leak, it would be wise for users to refresh their account security by changing their LinkedIn password as well as the passwords for all other web-based profiles. Enabling two-factor authentication (2FA) will further help secure data against other potential attacks, all of which are reasonable consequences of this additional data leak. Other recommended steps:
- Adjust visibility and privacy by changing to private mode.
- Do not leave your CV and other private info on the profile available to everyone; change to network only or other criteria.
- Do not open documents and messages sent from unknown or suspicious email addresses.
- If your data is in the leaked database then prepare for possible phishing attacks, check now with these free cyber-security tools.
How To Set LinkedIn To Private And Semi-private Mode
Follow these steps;
Cyber Xpert Subscribers
Proactive Dynarisk users will already have taken the measures recommended by Cyber Xpert, which provides personal cyber security insights, and will already have a level of understanding of the impact of such leaks, i.e. that the leaked data can be actively used by hackers to expose users to more serious consequences.
What should you be thinking about? We recommend taking extra caution with any invitations from what may appear to be genuine people on any social media platform. Expect more detailed and better-qualified phishing emails. Take extreme care with any links from any source. Identity theft is also something to be careful of when this type of data is exposed. If in any doubt, simply do not respond to communications and links.
Stay Safe In Cyberspace