Data of at least 500million LinkedIn users has been lifted from the platform and is currently for sale online, prompting an investigation from an Italian watchdog group, according to tech media sources.
The dataset breach was confirmed by a spokesperson from LinkedIn who said that ‘scraping’ members data violated terms and services. The Italian data protection authority is investigating the breach.
‘While we’re still investigating this issue, the posted dataset appears to include publicly viewable information that was scraped from LinkedIn combined with data aggregated from other websites or companies,’ a LinkedIn spokesperson said in a statement to Insider.
‘Scraping our members’ data from LinkedIn violates our terms of service and we are constantly working to protect our members and their data.’
Approximately two-thirds of the platform’s 740 million user base has been affected by the breach.
Included in the data was account IDs, full names, email addresses, phone numbers, workplace information, genders and links to other social media accounts.
According to CyberNews, the data has been posted for sale on a hacker forum. The author of the post has shared 2 million of the records as proof-of-concept, the outlet reported. They are seeking bitcoin for the data.
Paul Prudhomme, an analyst at IntSights, said that exposed data is significant because bad actors could use employees’ data to attack companies.
‘Such attacks may be more likely to succeed due to the rise of remote work and the increased use of home or personal devices for work due to the COVID-19 pandemic,’ Prudhomme said.
‘Attacking companies via their employees’ personal accounts and devices is one way for attackers to work around enterprise network security defenses.’