Over 500 million LinkedIn records exposed in massive data breach

Cybersecurity specialists reported the finding of a massive data breach from the LinkedIn networking platform that would affect around 500 million users. This incident involves the exposure of full names, email addresses, phone numbers, professional records and links to other social media platforms.

According to CyberNews specialists, compromised information is available for sale on a popular dark web hacking forum, although it is worth mentioning that sellers demand a payment of “at least four digits.” As proof of the veracity of this information, threat actors included two million random records, and they offer an additional sample for only $2 USD.

Shortly after publishing the first reports, experts confirmed that the compromised information is authentic although they point out that at the moment it has not been possible to determine whether the attackers managed to access updated information or instead these are databases with previously collected data.

A highlight of this incident is the leakage of professional user information, including LinkedIn IDs, academic training details, professional experience and work contacts. The report also notes that the leak does not appear to include financial details such as credit card numbers or bank statements.

Although the leak does not include financial information, experts point out that the data exposed is more than enough to deploy complex malicious campaigns, mainly phishing and social engineering. These attacks would allow hackers to steal additional information from victims or even access corporate networks.

On the scope of the incident, experts mention that the leak would have impacted about 50% of the more than 700 million users on the platform, so all users need to implement additional security measures to protect their information. Here are some very useful recommendations in these cases:

  • Reset passwords for your account and those of any other platform linked to your LinkedIn profile
  • Create a strong, random and unique password for each website, as well as employ password management tools
  • Enable multi-factor authentication
  • Avoid establishing new LinkedIn connections until your profile and the rest of your accounts are secure
  • Ignore any emails or messages sent by unknown users
  • Use spam filters and antivirus or antimalware tools

Finally, experts recommend visiting the specialized Have I Been Pwned platform, where users can check if their email address has been exposed in any data breach incidents. To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.