Personal data of over 500 million users of LinkedIn Corporation, the American business and employment-oriented online service, was leaked and put on sale on a popular hacker forum, CyberNews reported on Tuesday. LinkedIn, owned by Microsoft Corporation, denied a breach from their side and said it was an “aggregation” of data from several websites and companies.
Besides an archive comprising data that was taken from 500 million LinkedIn users’ profiles, the hacker also leaked two million records as a “proof-of-concept” sample.
The users of the hacker forum can view the leaked samples for $2 worth of forum credits on the forum while the hacker has also been auctioning the 500 million users’ database for a minimum of a four-digit sum which CyberNews assumes to be in bitcoins.
“Also selling 500M profiles, PM me for price 4 digit $$$$ minimum price,” read the hacker forum.
Though the hacker who posted on the forum claimed that the data was scraped from LinkedIn, CyberNews’ investigation team confirmed after going through the samples provided on the forum. However, it’s not yet certain if the hacker was selling updated LinkedIn profiles or if the data had been aggregated from the website’s or other companies’ previous breaches.
On the basis of the samples on the forum, the information leaked from the profiles includes LinkedIn ID’s, full name along with the email addresses, phone numbers, genders, links to LinkedIn profiles and other social media profiles, professional titles and other work-related details.
After two days of the report, LinkedIn issued a statement on Thursday claiming it had investigated the “alleged set of LinkedIn data” that has been put on sale and “have determined that it is actually an aggregation of data from a number of websites and companies”.
“It does include publicly viewable member profile data that appears to have been scraped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review. Any misuse of our members’ data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable,” the statement said.
Following the incident, Italy’s privacy watchdog initiated a probe into the matter claiming that the country has one of the highest subscribers amongst the European states. It has asked its users to “pay particular attention to any anomalies” related to their personal data such as bank accounts or phones numbers in particular.
One can check on CyberNews whether their profile is one of the 500 million leaked ones.
In a similar kind of incident, Alon Gal, co-founder of Israeli cybercrime intelligence firm Hudson Rock, tweeted on April 3 that over 500 million Facebook users’ data including phones numbers were leaked on a hacker platform. Among the most affected were countries- the United States with 32M Facebook users ‘ data leaked and the United Kingdom with 11,5M leaked.