Days after 533 million Facebook user’ records were found online, news broke that over 500 million LinkedIn user profiles were discovered on the Dark Web. The hackers shared two million of these LinkedIn records for only $2 total to prove the legitimacy of the information in the stolen data. The business and employment-oriented online networking platform is used by professionals all over the world. The LinkedIn account users’ data was scraped or imported from the website into a database, and includes names, LinkedIn account IDs, email addresses, phone numbers, gender, LinkedIn profile links, connected social media profile links, professional titles, and other work-related personal data.
The full database containing the variety of personal and professional information was accessible for a “four-digit $$$$ minimum price” and the two million leaked samples can be viewed for as low as $2 for the entire database. That’s a small price to pay for the amount cyberthieves may gain through identity fraud, including synthetic identity theft which can escalate to unemployment fraud. In the hands of cybercriminals, this information can also be used to commit phishing and vishing schemes, and credential stuffing. Worst yet, an account takeover attack on a professional platform like LinkedIn can cause serious damage to your reputation.
There are over 55 million businesses showcasing their services and job openings on LinkedIn. Employees’ personal accounts are used to manage these business profiles, adding additional security risk from this data exposure. Using Personally Identifiable Information (PII) and social engineering tactics to log into employee’s accounts, hackers may even attempt to access business social accounts – resulting in harm to companies’ reputation and loss in consumer trust.
Millions of consumer records are being exposed and it’s tricky to understand the severity of each data breach and its associated risks. Sontiq’s new breach intelligence capability, BreachIQ, provides personalized, recommended actions if you discover you’ve been affected by a security incident.