Earlier this week, the data of 700M LinkedIn users appeared on a popular dark web forum. That number is more than 92% of LinkedIn’s estimated total of 756M users. In the original post, first reported by Privacy Sharks, the hacker with the goods posted a sample as proof of the hack that contained about 1 million records. Experts and researchers in multiple security organizations have confirmed that the data was genuine. To add insult to injury, Restore Privacy reports that this hack appears to have been carried out by exploiting the same vulnerability that hackers used to scrape 500 million user accounts just three months ago in April 2021.
This hack is huge for another reason. This scrape isn’t just a quick scoop up of average, basic user data. This treasure trove for cybercriminals contains a plethora of sensitive and personally identifiable information that can be used to facilitate all manner of cybercrime from spear phishing to business email compromise scams or identity theft. It’s a danger to both workers and businesses.
Experts are warning LinkedIn users that after studying the sample provided by the hacker, they’ve determined that extensive personally identifying information (PII) may have been exposed in this incident including:
Email Addresses
Full names
Phone numbers
Physical addresses
Inferred salaries
Geolocation records
LinkedIn username and profile URL
Personal and professional experience/background
Genders
Other social media accounts and usernames