On June 22, 2021, a hacker announced the sale of over 700,000 pieces of personal information from LinkedIn. According to a report by ComputerWeekly.com, almost all of LinkedIn’s users were impacted by what the organization is calling a data scrape. An investigation into the cyber incident later updated the number to 1 billion records.
Because none of the data was technically stolen, LinkedIn is calling the incident a data scrape—when an API is used to extract and compile information. Affected users should take measures—like changing their LinkedIn passwords and using extra caution with new connection requests—to prevent their information from being used by cybercriminals.
The personal information of 92% of LinkedIn users is currently for sale after a data scraping cyber incident.
The announcement was made on a hacking forum—along with a preview of 2 million at-risk LinkedIn profiles as a proof-of-concept. You can check to see if your information was scraped by entering your email address here.
What’s the difference between a data scrape and a data breach?
In a data scrape, data is extracted from publicly available information—in this case, the information users have on their LinkedIn profiles. Data scrapes are not always nefarious in their intent. Data scraping APIs can be used to extract and compile data in large volumes for a valuable purpose.
A data breach, on the other hand, is when your confidential information—like your Social Security number, bank or credit card numbers, and email or passwords—is either inadvertently exposed or intentionally stolen by cybercriminals.
So, a data scrape can be good or evil and is not technically hacking because the information is available publicly.
The cyber incident LinkedIn just experienced was a data scrape of users’ information, and that information is now up for grabs to the highest bidder. The gleaned data includes:
- LinkedIn IDs
- Full names
- Email addresses
- Phone numbers
- Links to other LinkedIn profiles
- Links to social media profiles
- Job history
If your information was part of the cyber incident, you could see a rise in spam (as spammers now have your email address), phishing attempts, or even more troubling cybercrimes, like identity theft or unauthorized purchases.
In light of the recent cyber incident in which almost all LinkedIn users were affected (myself included), it’s a good idea to be more vigilant than ever about the information you have on your public profiles. Remember that posting it online is making it available to hackers, too. Hackers could use your information in several ways, including connecting with you under the guise of building a professional relationship to access your professional network and increase their own credibility to take advantage of more people.
Take these steps to further protect your information:
- Use the link above to find out if your information was a part of the latest data scrape.
- Change both your LinkedIn and email passwords. You can never be too careful.
- Don’t click on anything from strangers; this could be a phishing attempt.
- Be very cautious of connection requests from strangers; once you’ve connected with a hacker, they can troll your network.
- Remember to never give out any password information; you should never be asked for your password after logging in to a site.
- Check your LinkedIn profile and consider removing any email or phone numbers; they could be used by cybercriminals.
Data scraping and data breaches are nothing new. A similar scraping incident affected 533 million Facebook users in September 2019, while a data breach at the financial group Capital One saw 106 million of its users affected by stolen information. A recent article on LinkedIn, “Russian Intelligence–Have They Sent You a LinkedIn Invitation?”, describes how cybercrime has staying power in the war for global dominance.
With the data from this latest scraping event still for sale to the highest bidder, it is important to use extra caution when you post information online. Read LinkedIn’s statement about the event.