A massive data leak is currently affecting LinkedIn, the popular business social network owned by Microsoft. This is the second such data leak of this year and this time over 90 percent of the platform’s users are affected.
Earlier this year, 500 million LinkedIn users were left affected when their details were leaked online. Also this year, a widespread breach across platforms resulted in millions of LinkedIn account passwords leaking.
This time, a total of 756 million LinkedIn users have their data possibly leaked online, leaving their accounts compromised. The data dump includes phone numbers, personal information, company details, email addresses, real names, third party links, and more.
The hacker or hacking group that obtained the information is now selling it online, alongside proof of the breach. That proof is in the form of a sample of 1 million users. LinkedIn has confirmed it is investigating the issue and offered early insight into the breach:
“While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach, and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.”
Future Prevention
Reports suggest the hacker scraped the data through and exploit in a LinkedIn API. Specifically, an API the company uses to get data from users when they upload content to the platform.
No major data breach is good news, but a second in just a few months shows there is something wrong at LinkedIn. How is the company working to prevent data scraping? While the results of the LinkedIn investigation will be insightful, it will be more interesting to know what the company has planned to stop such attacks.
Tip of the day: To prevent attackers from capturing your password, Secure Sign-in asks the user to perform a physical action that activates the sign-in screen. In some cases, this is a dedicated “Windows Security” button, but the most common case in Windows 10 is the Ctrl+Alt Del hotkey. In our tutorial, we show you how to activate this feature.
