By Nickie Louise
LinkedIn, a Microsoft-owned professional networking site, announced that some user data including publicly viewable member profiles have been scraped and posted for sale online. LinkedIn also added that the incident was not a data breach and no private member account data from the platform was included.
However, security site CyberNews reported on April 6 that an archive of data scraped from 500 million LinkedIn profiles was put for sale on a popular hacker forum. CyberNews said the scraped data of 500 million LinkedIn users are being sold online. Hackers also posted another 2 million records leaked as proof.
In an updated post today, CyberNews added that “A new collection with 327M more LinkedIn profiles appear on a hacker forum.” According to CyberNews, the new author claims to be in possession of both the original 500-million database, as well as six additional archives that allegedly include 327 million scraped LinkedIn profiles.
“Updated on 10/04: It seems that other threat actors are looking to piggyback on the leak. On Friday, a new collection of LinkedIn databases has been put for sale on the same hacker forum by another user – for $7,000 worth of bitcoin.”
On Thursday, CyberNews said updated its personal data leak checker database with more than 780,000 email addresses associated with this leak. You can use it to find out if your LinkedIn profile has been scraped by the threat actors.
Meanwhile, LinkedIn said in a blog post on Thursday, adding that the information listed for sale is a collection of data from a number of websites and companies. However, LinkedIn declined to provide additional details on the incident, including the number of users affected.
In a blog post, LinkedIn said:
“We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies. It does include publicly viewable member profile data that appears to have been scraped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.”
“Any misuse of our members’ data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable,” the company added
