LinkedIn User’s Data Has Been Scraped and Is up for Sale on the Dark Web

06 July 2021

700 million LinkedIn user’s personal details were posted for sale earlier this month, putting 92% of their userbase at risk of social engineering and spear phishing attacks.

The data includes several details about each user, including:

  • Email addresses
  • Full names
  • Phone numbers
  • Physical addresses
  • Geolocation records
  • LinkedIn username and profile URL
  • Personal and professional experience/background
  • Genders
  • Other social media account usernames

What makes this so dangerous is that this aids the spear phishing diligence the cyber criminals already do as part of Business Email Compromise attacks. In many ways, these details make the job easier. The more legitimate a BEC phishing email can be made to look legitimate using actual details, the more likely the scam will be successful.

According to LinkedIn, this isn’t technically a breach, since no private information was stolen. Instead, they claim it’s an aggregate of the 500 million records stolen in April and other sites.

Even so, just knowing that cyber criminals can arm themselves with some impactful details familiar to the potential victim, you should be looking for ways to empower yourself to know when they’re being targeted. Security Awareness is one of the most effective ways, as it opens your eyes to how the bad guys try to trick you, even when emails appear legitimate.

The lesson here: be careful in sharing your personal information, ensure that your electronic security is active and updated, and do not allow your business to fall victim of data breach claims as a result.

To read more: