Unfortunately, data leaks from major technology companies are far from uncommon. Professional social networking site LinkedIn has allegedly been compromised with hackers claiming they have data from 500 million LinkedIn profiles for sale. So far, the hackers have released 2 million records as proof they have compromised the LinkedIn database.
Among the data in the profiles shared as proof of the hack are LinkedIn users’ full names, email addresses, phone numbers, workplace information, and additional details. The offer to sell the data and data proving that information is legit was offered on a hacker forum where the samples could be viewed for about two dollars worth of forum credits.
In the post, the seller claims to have records on 500 million profiles and asks those interested in the data to PM him for a price that would be a minimum of four digits. Independent investigators have confirmed that the data the hacker is offering for sale is, in fact, from LinkedIn. It was initially unclear if the hacker is selling up-to-date data from LinkedIn profiles or if the data has been aggregated from past breaches.
LinkedIn has stepped forward and confirmed that the data for sale was not acquired as part of a new data breach. LinkedIn says the data is an aggregation of information from a number of websites and companies. The professional social network maintains that no private member account data from LinkedIn was included in the content it was able to review.
Security experts warn that the data being offered for sale could be used to carry out targeted phishing attacks. Users with their data leaked might also see increased numbers of spam emails and phone calls. The leaked data can also result in brute force attacks compromising the passwords for LinkedIn profiles and email addresses. Users are urged to change the password for their LinkedIn and email accounts and to enable two-factor authentication.