Few days after the Facebook data leak, LinkedIn came under the headlines for yet another data leak. The security researchers from Cybernews.com reported that about 500 million LinkedIn users’ data got stolen.
The reports revealed that the hacker offers four sample data sets with two million data for two US dollars in a forum as evidence for theft. The hacker is ready to sell more than 500 million user data for at least a four-digit US dollar amount.
The experts confirmed that the initial analysis shows that they were real data and scrapped from LinkedIn. However, it is still unclear if the leaked data contain updated information or dumped from the previous data breach.
The exposed data includes user names, email addresses, workplace details, links to other social media accounts, and phone numbers. However, leaked records don’t have any information related to legal documents, credit card details, or any other financial data. It means that no fraud can take place.
If the leaked data doesn’t include financial information, it doesn’t mean that everything is fine, and you should not worry. Cyber-criminals are much more advanced than ever before. They can use the collected data to create detailed profiles of the potential targets and then launch social engineering attacks like phishing attacks.
Moreover, they can also use the information to spam emails and phone numbers or conduct brute-force LinkedIn passwords and other associated email addresses.
It is not the first time that a data breach hits LinkedIn users. In 2012, hackers also stole the password hashes of around 170 million LinkedIn users. The stolen data remained private until 2016 when it appeared on the dark web.
The LinkedIn data leak news comes shortly after the cybersecurity experts warn the users about a new job hunting scam on the social site. The hackers send a .Zip file to the potential victim that looks like an app. The file contained a fileless backdoor that allows the scammers to install keyloggers, ransomware, malware, or another malicious program.
Security experts suggest the users change their passwords, implement two-factor authentication, and avoid clicking on any link or attachments.