Days after the massive Facebook data leak of over 533 million accounts, another huge batch of data of 500 million LinkedIn users has been put up for sale on a popular hacker forum, Cybernews reported.
The dataset has purportedly been scrapped from over 500 LinkedIn profiles and has been put up for sale online with another 2 million records leaked as a proof-of-concept sample, the report said.
The leaked information includes users’ full names, email addresses, phone numbers, workplace information, among other details, as per the report.
The Microsoft-owned professional networking platform, acknowledging the report, has said that the database contained information scrapped from multiple places and was not entirely scrapped from the platform. It further said that it was not a LinkedIn data breach.
“We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies. It does include publicly viewable member profile data that appears to have been scraped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review,” the company said in a statement.
“Any misuse of our members’ data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable,” it added.
Facebook data leak
The leak comes soon after the data leak of over 533 million Facebook users was first reported by Business Insider. The information of over 533 million Facebook users from 106 countries including phone numbers, Facebook IDs, full names, locations, birthdates, and email addresses was leaked online, as per the report.
Alon Gal, CTO of cybercrime intelligence firm Hudson Rock first discovered the leaked data and shared on Twitter how a Telegram bot was being used to sell mobile phone numbers of Facebook users.
Facebook, acknowledging the reports in a blog post earlier this week said that malicious actors had obtained the data via scraping and not by hacking into its systems.
“Scraping is a common tactic that often relies on automated software to lift public information from the internet that can end up being distributed in online forums like this. The methods used to obtain this data set were previously reported in 2019,” the social media major said in a blog post.
“As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists,” it said.
The tech giant further detailed how the data was likely scrapped using its contact importer feature.
“We believe the data in question was scraped from people’s Facebook profiles by malicious actors using our contact importer prior to September 2019. This feature was designed to help people easily find their friends to connect with on our services using their contact lists,” it said.
“When we became aware of how malicious actors were using this feature in 2019, we made changes to the contact importer. In this case, we updated it to prevent malicious actors from using software to imitate our app and upload a large set of phone numbers to see which ones matched Facebook users,” it said.
“Through the previous functionality, they were able to query a set of user-profiles and obtain a limited set of information about those users included in their public profiles. The information did not include financial information, health information or passwords,” it added.