LinkedIn has denied reports of a massive data breach that allegedly exposed personal details of more than 700 million users of its platform, 92% of its total 756 million users.
(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)
The professional networking platform said this is not a data breach and no private LinkedIn member was exposed.
“Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update,” the company said in a statement.
Earlier this week, RestorePrivacy had reported that a user of a hacker forum had put up data of 700 million LinkedIn users for sale and posted a sample of the data that includes 1 million LinkedIn users.
The data contained email addresses, full names, phone numbers, physical address, geolocations records, LinkedIn username and profile URL, personal and professional background, genders, and other social media accounts and usernames.
According to RestorePrivacy’s analysis, the data is authentic and tied to real users with samples from 2020 and 2021. They reached out to the user directly on Telegram where he noted that the data was obtained by exploiting the LinkedIn API, and the user is selling the complete dataset for $5000.
The data can be used for identity theft, phishing attempts, social engineering attacks and for gaining access to other accounts.
In April this year, LinkedIn had investigated a similar dataset which was up for sale. According to the Microsoft-owned company, the data was aggregated from a number of websites and companies.
“Members trust LinkedIn with their data, and any misuse of our members’ data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable,” LinkedIn said.