LinkedIn Defiant, But Most User Data Leaked

It seems like there is a new data breach every time we turn around, and in most cases, these breaches expose the personal data of many people. The most recent breach in this troubling trend is for the popular social media website LinkedIn. This breach exposed 700 million profiles, an event which led them to be sold on a popular hackers forum. The scary part? LinkedIn denies that there was any data breach.

LinkedIn’s Sketchy Security History

LinkedIn is the social media website preferred by professionals who are trying to network with other professionals. This reputation as the go-to place for professionals to network makes it a major target for hackers. In 2012, a Russian hacker stole 6.5 million accounts exposing 100 million email addresses and passwords. One year later, more controversy popped up as it came to light that Linkedin used man-in-the-middle attacks to intercept user emails and move them to LinkedIn servers. Another event came to light in 2018 when Microsoft acquired LinkedIn and users began to receive extortion emails from account information stating that their information had been for sale on the Dark Web.

LinkedIn has a questionable reputation with online security at best, as it has been historically connected to other security breaches, including fake LinkedIn accounts used to steal data and allow unauthorized access to third-party networks.

2021 Issues

This past April, 500 million LinkedIn user accounts were put on sale on a popular hacker forum. The information was not stolen by a data breach, but it was instead scraped. This information included vital information including full names, email addresses, phone numbers, workplace information, and more. The majority of LinkedIn’s 740 million user base was affected by this issue.

LinkedIn has also been removing access to scholars and other active individuals within China with no explanation, causing quite a bit of concern for intellectuals and other active users that suspect the company is censoring information in the Chinese market. China is certainly no stranger to suppressing the availability of public information.

Another recent report showed a data breach that allowed hackers to make information public for over 700 million users—about 92 percent of its user base. LinkedIn claims that this was not a data breach; instead, they issued the following statement:

• Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach and no private LinkedIn member data was exposed. Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update.
  
  
• Members trust LinkedIn with their data, and any misuse of our members’ data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable.
  
  
• For additional information about our policies and how we protect member data from misuse:
  https://www.linkedin.com/help/linkedin/answer/56347/prohibited-software-and-extensions

What is Scraping?

Scraping is a tactic used by hackers to harvest information from websites. Scraping uses software to copy material from these websites through the websites’ code, giving hackers valuable information that they wouldn’t normally be able to get. Believe it or not, it doesn’t take as much effort for a hacker to do this as you might think. Some are even capable of using the open nature of business APIs (application programming interfaces) to gain direct information to data they want to steal.

So, if you cannot trust major companies with your sensitive data, who can you trust? It is hard to say, but there is one thing you can count on. BNMC can help your business secure its data. To learn more, reach out to us at (978) 482-2020.