LinkedIn, the social network that connects companies with professionals, has suffered a massive leak of personal data of more than 700 million of its users: names, phone numbers, addresses, e-mails…
This is one of the largest data leaks in the history of Linkedin, since it is equivalent to more than 92% of the total number of users of the social network. Even so, Linkedin assures that there has been no breach of user data.
On the other hand, just 3 months ago, the social network Linkedin reported that a group of hackers stole the data of more than 500 million users of its platform.
Massive Linkedin data leakage
The personal data of Linkedin users was obtained by the cracker using LinkedIn’s official API. The developer interface would have been used to do a “data scraping” or “web scraping” of the social network’s users.
According to LinkedIn, they are still investigating the situation, but a first analysis indicates that the data published on the dark web includes information extracted from both LinkedIn and other sources.
LinkedIn’s data mining is a policy violation and they are continuously working to ensure the protection of their users’ privacy.
LinkedIn: Victim of web scraping
LinkedIn claims that its service is a victim of a practice called “web scraping”, which automatically crawls and collects user data on the web.
This social network is particularly vulnerable to this situation because, specifically, it aims to give visibility to companies looking for employees and, more importantly, to people looking for contacts and jobs.
Much of the data obtained by LinkedIn was obtained by crawling data on the Internet through a network of crawlers.
For its part, LinkedIn assures that no data breach of its users has taken place: “While we are still investigating the situation, a first analysis indicates that this data includes information extracted from both LinkedIn and other sources. This is not a LinkedIn data breach and our investigation has determined that no private data of our members has been exposed. LinkedIn data mining is a violation of our policies, which is why we are continuously working to ensure that our members’ privacy is protected.”
What kind of information was leaked?
The impact of this cyberattack covers a variety of methods, from identity theft to phishing attacks to social engineering attacks.
We must not forget that the data released is sensitive because it can be used for any type of cyberattack. The user data that was leaked are:
- User’s full name
- Phone number
- Physical address
- Email addresses
- Location history saved by the platform
- LinkedIn profile username and URL
- Professional experience
- User’s gender
- Links to other social networks with username.
LinkedIn ensures that the data does not come from the API of the social network, as it does not have an API that can return all this data from the users. Data such as phone number, gender, salary and address do not come from LinkedIn.
Despite the massive data breach that LinkedIn has suffered, users of the social network can remain calm because their LinkedIn profile passwords do not appear to have been exposed.
Complaints in Spain about the data breach
The Spanish Data Protection Agency (AEPD) has confirmed to the public that it has received two complaints referring to the latest large-scale disclosure of Linkedin personal data.
Having established a major European institution in Ireland, the country’s data protection agency will lead the investigation and decide whether to impose sanctions; due to the two complaints mentioned above, the AEPD will request to be considered as an interested watchdog agency.