A treasure trove of LinkedIn account data has been found online and up for sale. The package claims to contain over 500 million user records including email addresses, phone numbers, professional details, and social media links.
The leak was reported by CyberNews researchers. The hacker selling the information as asking for a “four-digit $$$$ minimum price” for complete access to the stolen information.
The hacker proved their legitimacy by posting some two million records as a sample that users could view for $2 in forum-specific credits. CyberNews researchers confirmed the data in the same was legitimate but did add it was “unclear whether the threat actor is selling up-to-date LinkedIn profiles, or if the data has been taken or aggregated from a previous breach suffered by LinkedIn or other companies.”
The leaked data includes a variety of professional information, such as LinkedIn IDs, email addresses, full names, phone numbers, user gender, and links to social media profiles and other work-related data. The database doesn’t seem to contain financial details such as credit card numbers or bank details. The data also doesn’t include legal documents that hackers could use to facilitate fraud.
However, this lack of financial documentation doesn’t mean that the data isn’t dangerous in the wrong hands. CyberNews warns that determined hackers could combine the information with data gleaned from other hacks and data breaches to create detailed profiles of potential victims. They can use the data to create social engineering phishing attacks.
LinkedIn says that it has nearly 740 million users. If the hacker is telling the truth about how many accounts are included in the hack, it’s safe to say that nearly everyone with a LinkedIn account could be among the 500 million records. LinkedIn users are encouraged to change their account password (and on accounts that use the same password), enabled two-factor authentication on LinkedIn, and be extra wary or spam and unsolicited emails in the future.