Its been barely a week since we saw data of more than 533 million Facebook users leaked online and before the dust could settle down, another major user-data leak has happened, this time it is related to Microsoft-owned LinkedIn.
Data of more than 500 million LinkedIn users, equivalent to two-thirds of the company's active userbase have been scraped and put on sale on the dark web, reported Cybernews.
What is scraped data?
Web scraping is an automated process of using bots to pull information from websites and social media sites. Unless the users or the host company has given permission, it is considered legal, or else it is deemed as a serious crime for violating user privacy protocols.
The threat actor has posted another 2 million users' datasets as sample proof of the leak. User data include LinkedIn IDs, full names, email ID, phone numbers, gender, links to LinkedIn profiles, links to other social media profiles, professional titles and other work-related data.
The hacker put the data up for auction with a four-figure (dollars) starting price and would transact on Bitcoin cryptocurrency.
Recently, a report emerged that the hackers were using LinkedIn profiles of the users to inject malware into the latter's computer.
The Golden Chickens hacking team is using the Spear Phishing technique to lure prospective job seekers with a fat paycheck offer.
The hacker group studies their user's LinkedIn profiles and creates a lucrative job offer. For instance, if the victim is a current or former 'Senior Account Executive' at 'International Freight' company, the fake job posting will have a similar executive position but with a bigger salary.
Read more | Here's how cybercriminals are using LinkedIn to hack your PC
Responding to the user data on sale on a hacker forum, LinkedIn said that scraping its members' data from its website violates terms of service and has started a probe.
Full statement from LinkedIn:
Members trust LinkedIn with their data, and we take action to protect that trust. We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies. It does include publicly viewable member profile data that appears to have been scraped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.
Any misuse of our members’ data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable.
Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.