LinkedIn Data Breach June 2021 Affects Almost ALL Users: How to Know if Your Account Has Been Hacked
Employment-oriented professional networking site LinkedIn was attacked by hackers, taking away a large amount of user data from the said site and sold them in a hacker forum for a hefty amount of money.
In an analysis report made by Privacy Sharks, over 700 million records of said data, or 92%, was exposed, then later posted in forum for sale.
According to 9To5Mac, the breached data includes several personal and private information such as a user's phone numbers, physical address geolocation data, and inferred salaries.
How did that Happened
According to a report by Restore Privacy, a certain user posted an advertisement in a hacker forum last June 22nd. According to the said post, a total of 756 million records full of LinkedIn data were posted for sale.
The same user even posted a sample data on the same forum thread that includes over a million worth of personal data, which was then analyzed and later on, confirmed to be authentic and tied to its real users after a cross check between the compromised data and other publicly available information.
According to Threat Post, it was unclear where is the origin of the said breached data, but Restore Privacy posted a screenshot between them and the said user, claiming that data, which was sold for $5000, was obtained through exploiting LinkedIn's Application Programming Interface (API).
The said seller also claims that by exploiting said API, personal information from people that were using or logging in the LinkedIn website were harvested.
Once sold, these data can be used for other cyberattacks, including phishing attacks, spamming, and brute-forcing the passwords of any LinkedIn profile as well as any email address.
However, according to Gadgets360, the professional networking site released a statement saying that they did not became the receiving end of a data breach, but rather the data acquired includes information that was scrapped by them as well as information obtained from other resources.
They also said that no private data from their site were compromised nor exposed, and scrapping any data from LinkedIn is a violation of their Terms of Services.
This is not the first time LinkedIn was attacked by cyber criminals have their data breached. Last April 9th, over 500 million accounts were breached and later on posted in a hacker forum for sale.
According to Cybernews, a user posted a four-part folder archive containing the scrapped data, which includes private information, from the said 500 million LinkedIn profiles.
In the same forum thread, the user posted a proof-of-concept sample using another set of breached records of over 2 million LinkedIn accounts.
However, LinkedIn released a statement regarding the alleged cyberattack, saying that the data the hackers had were a mix of data from different websites and companies. They added that there is no breach happened within LinkedIn, and no private information was compromised.
How do you know if you're Account was Breached
Several websites offer services to determine if an e-mail, account name or a password was included in a mass-scale data breach. Cybernews has its webpages dedicated to this service, including one that checks your e-mail or phone number if it is breached.
Another account checking website is haveibeenpwned.com. Now only that it has an E-mail/Phone Number checker, but it also has a domain searcher and a password checker.
Aside from using a leak checker, another preventive measures according to Cybernews includes having to look out for suspicious messages and connection requests, changing the passwords, considering the usage of a password manager, and enabling a multifactor authentication.