A collection of the data of 700 million LinkedIn users has been leaked online this week after hackers had previously attempted to sell the data scrap in June. To be exact, on 22nd June 2021, an online user on RaidForums with the name TomLiner had stated that he was in possession of the data of 700 million LinkedIn users and was willing to sell it to just about anyone.
The Record obtained the collections through an undisclosed source and has stated that the data scrap is currently being circulated in the form of a torrent file through private telegram groups. It also reports that the data scrap being circulated as a torrent file contains approximately 187 GB of archived data.
To provide an idea of the magnitude of this data leak, LinkedIn has approximately 760 million users and the data leak contains the information of around 700 million users i.e. 92% of all LinkedIn users.
Contents of the LinkedIn data scrap
As per analysts from Privacy Sharks, who analysed the free sample provided by TomLiner back in June, they confirmed that the sample records that included the full names, gender, email addresses, geolocation records, phone numbers, etc. were authentic and completely up-to-date. After an analysis of the complete data scrap, The Record has confirmed that the data scrap containing LinkedIn profile names, LinkedIn IDs, location information, email addresses, etc. are authentic.
In a statement in June 2021, LinkedIn did state that no data breach had occurred and the data was scraped off LinkedIn’s API as well as from other websites. LinkedIn has not made any follow-up statement since then.
As stated before, even though the data is not a direct threat as such, it is a wealth of information that is available in one place and could be useful for threat actors to enrich their databases from multiple sources for any kind of future use.
Incidents of data scrapping have become very common especially after the likes of Facebook, Instagram and Clubhouse’s data has been scrapped by crawling through their respective APIs. Even though it is not the fault of these companies as it is technically not a data breach, these kinds of incidents are being recorded much more often than before.