A cybersecurity investigator reported the finding of at least eight databases without online protection measures. According to cyber forensics course specialists from the International Institute of Cyber Security (IICS), these databases contain about 60 million of LinkedIn users records.
Most of the data is accessible to any user with minimal knowledge. As reported by the researcher, these databases include information such as:
- Email associated to LinkedIn
- Type of subscription
- User profile URL
- Work history
- Academic background
- Information on other social media profiles
The type of information exposed makes the cyber forensics course specialists think that the databases could have been formed from security breaches. Each exposed database contains between 25 GB and 32 GB of information, which means a total of 299 GB of exposed data.
The investigator in charge of reporting this finding claims that the databases disappeared and reappeared with different IP addresses each day. The exposed database has already been secured, maybe by the very same owner, the researcher mentioned.
According to the cyber forensics course specialists, it is disturbing that, among the LinkedIn profiles exposed, there were some users who had advanced privacy settings to prevent some personal details from being publicly disclosed.
So far it is still unknown who is behind this database; the information remained exposed for an indefinite period until this Monday morning, when the database was finally secured.
Regarding this incident, LinkedIn’s security team specialists confirmed that this database was not operated by the social platform; LinkedIn added that it has a strict control over its databases operated by third parties.
Nowadays it is very common for cyber security investigators and firms to find huge exposed databases online, either due to data breach incidents, or due to the limited security measures implemented by some companies that protect personal information belonging to their users.