Another massive leak from the LinkedIn social network follows the huge data leak of April this year. Data on more than 700 million users of this social network has leaked and is currently offered for sale on the black market.
LinkedIn has approximately 756 million users, which would mean that the data leak concerns 92 % of all users. The hacker who obtained the data has published a file of one million users, and it has been verified that the data is authentic and up-to-date.
The leaked data contains information about user accounts, including:
- e-mail addresses
- full names
- phone numbers
- addresses (physical)
- geolocation records
- username and profile URL
- personal and professional experience and background
- information about other social network accounts and usernames
Analysts from the RestorePrivacy portal reached out to the hacker who offered the leaked data for sale and found out that the data was obtained by exploiting the LinkedIn API. According to an official statement from LinkedIn, there was no data breach: the attacker collected the data by misusing the LinkedIn API and thereby violated LinkedIn's terms of service.
Although password and financial data leaks have not yet been confirmed, this does not mean that leaked data cannot be misused. Cybercriminals can combine data with other leaked information to create detailed profiles of their potential victims. Thanks to this information, attackers can carry out much more convincing and credible phishing attacks, convert this data into money or use it for other malicious activities.
The National Cyber Security Centre SK-CERT therefore recommends that all LinkedIn users:
- change your user account password immediately, making sure that the password is strong, unique and not linked to your person or hobbies;
- enable two-factor authentication (2FA) in your account; however, avoid 2FA in the SMS form;
- be vigilant and do not accept invitations from strangers;
- follow the basic principles of cyber hygiene:
  - do not open unverified messages and messages from unknown users,
  - do not open suspicious attachments (even in familiar formats such as .pdf/.docx and so on),
  - disable macros in documents,
  - do not open suspicious URLs,
  - if e-mail applications are used, disable the attachment preview function,
  - in case of suspicion, verify the content of the message with the sender in a different way (by phone, in person),
  - never respond to messages requesting any personal and sensitive information (login names, passwords, payment details);
- even a trustworthy-looking message from a state authority, bank or mobile operator, whose credibility is supported by authentic data about you, may be a fake built with the data from your LinkedIn profile. Keep that in mind, be cautious, verify the message thoroughly and in case of doubt use the official contacts of the institution.