Half a Billion LinkedIn Accounts Are Being Sold Online

When setting up a LinkedIn account, you enter certain information regarding yourself such as an email address, birthday, schooling, work experience.  This information and platform allows you to network with others like yourself.  However, even though this information you enter can be publicly accessible, attackers can still find a way to profit or exploit social engineering attacks using it.  Recently, over half a billion LinkedIn accounts are being sold online after attackers scraped and compiled the data.


The Attack

Attackers posted personal data, scraped from over 500 million LinkedIn profiles for sale.  To prove that they were successful in the attack, they offer 2 million user profiles worth of data as a sample.  Like other data-scraping attacks, with malicious intent, attackers can breach accounts, construct spear phishing attacks, or spam phone numbers and emails of millions of people.

In the light of the Facebook data leak, it was originally thought that Linked suffered an internal breach for an attacker to obtain vast amounts of data.  Additionally, the attacker might have published old data for sale rather than up-to-date.  However, LinkedIn confirmed that no internal breach occurred but attackers scraped data right off of their website.  Fortunately for LinkedIn and its users, the scraped data contains no credit card details or passwords to user accounts.  The data does however include:

  • Emails
  • Social Media Account Links
  • First and Last Names
  • Genders
  • Phone Numbers
  • Professional Work History and Work-Related Experience

On April 10th, another attacker posted an additional 327 million user accounts worth of scraped data for sale for $7,000 in bitcoin.  However, LinkedIn’s user base only consists of 740 Million accounts.  Therefore, either the total of 827 million scraped profiles are either old or duplicates.


Data Scraping

Attackers utilize a tactic called data-scraping to compile the information from millions of profiles and sources into one place.  A generally common tactic for attackers, Data-Scraping Attacks extract information from sources or websites for use by the attacker.  Attackers can then flip the extracted data for profit or use it for their own malicious intent.  With malicious intent, attackers can now create spear phishing attacks and other socially engineered attacks.  Additionally, attackers can brute-force accounts, commit identity theft and spam emails and phone numbers.


LinkedIn’s Reaction and Potential Impact

LinkedIn actively investigates the attack since the attackers use the data for purposes non-related to LinkedIn.  The company’s terms of service prohibits data scraping because of the misuse of data that users have not agreed to in the terms of service.  

In terms of impact, there is over 500 million LinkedIn users’ information circulating the web and whoever pays for it will have access to all of it.  However, with that being said, spear phishing attacks, spam calls and emails, even identity theft threaten LinkedIn users.  Furthermore, if a user does not utilize proper security controls on their profile, an attacker could use the email they obtained to breach their accounts.  With the links to other social media accounts, the attackers could possibly even access other accounts outside of LinkedIn.


Checking your Data and What to Do

If you want to check if your data leaked at any point, check out these tools:


What should you do if your data was leaked??  First, be aware of any unusual behavior on your account or requests from suspicious strangers.  In the same light, be aware of possible phishing emails.  Do not click on any link from an untrusted source.  Furthermore, change your password to a strong password as well as changing your email on your account.  Follow these instructions to create a strong password! Finally, enable two factor authentication on your LinkedIn account and other accounts to prevent any unauthorized login attempts.