Earlier this year, LinkedIn suffered a massive data leak that claimed the personal information of five hundred million users, last week another data set showed up on the dark web for over seven hundred million or 92 percent of platform.
A total of 756 million users of LinkedIn have had their data compromised and similar to the April headlines, a hacker was able to grab user details such as email address, phone numbers, company information, full names, LinkedIn IDs, genders and links to 3rd party social media accounts.
Again, similar to the earlier LinkedIn breach, the hacker who snatched the data is putting it up for sale on the dark web and showing proof a legitimacy by releasing a sample set of data of 1 million of the users from the breach.
LinkedIn responded with,
While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach, and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.
Independent sources across the web such as 9to5 Google and Restore Privacy have reached out to the hacker to confirm the exploitation. According to their reporting, the “scrape” was possible by exploiting a “LinkedIn API to harvest information that people upload to the site.”
The most recent breach is the second in most notable data leak for the company in less than six months and begs the question, what is LinkedIn doing to prevent future “scrapping” incidents?
