A hacker has put up for sale in an Internet forum a file containing personal data of 500 million LinkedIn accounts. As proof, the hacker has shown two million records of the 15,000 million personal data, belonging to the 500 million accounts, to which he has had access: full names, email addresses, telephone numbers, workplace …
LinkedIn assures that it has not suffered a security breach and that it is “recycled” data from other attacks
The leakage of said data takes place when the echo of the recent leak of the data of 533 million Facebook accounts still resounds, and in this case the hacker who has been able to obtain them auctions, hoping to obtain several tens of thousands of euros, in a payment that he will presumably request in Bitcoins due to the difficulty of tracking the identity of those who carry out transactions in that cryptocurrency.
Initially it was unknown if the data obtained came from a breach in LinkedIn, but from this social network they affirm that they have not suffered any attack nor are they aware of having experienced a breach in their security.
They argue that the origin of the data of those 500 million accounts for sale in a forum may be due to having added data from various sources on the Internet to information from a previous breach. In other words, more than a current theft of data from LinkedIn servers, it would be a “recycling” of previously filtered data that has now been “updated” with information collected from different web pages.
LinkedIn points out that the checks they have been able to carry out on the data for sale do not contain any private data belonging to LinkedIn users. Specifically, the data that appears are: LinkedIn user identifier, full name, email address, telephone number, gender, link to the LinkedIn profile, links to other social networks as well as positions, professional experience and other information related to the job. From the data shown, it does not appear that it contains information on credit card numbers or sensitive documentation.
The data from this huge database can be used for multiple actions: online scams such as phishing, spam, obtaining through brute force attacks of LinkedIn passwords and other social networks associated with the user profile, fake profiling based on real data from real people, social engineering attacks.