A sign is posted in front of the LinkedIn headquarters in Mountain View, California. (Photo by Justin Sullivan/Getty Images)
LinkedIn confirmed Thursday that 500 million LinkedIn profiles were put on sale on a hacker forum.
Cybernews first broke the news, reporting that the hacker leaked four files that contained the full names, email addresses, phone numbers and workplace information of the LinkedIn users. LinkedIn released a statement saying that the company investigated the data posted for sale by the threat actor, and while it does include publicly-viewable member profile data that appears to have been scraped from LinkedIn, “this was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.”
Javvad Malik, security awareness advocate at KnowBe4, said LinkedIn has become one of the most impersonated brands when it comes to phishing, and having access to such a treasure trove of information can help facilitate convincing phishing and social engineering attacks.
“The saving grace here, to a degree, is that this all appears to be publicly-accessible information,” Malik said. “So, while it may not disclose anything that could not have already been obtained, having all the information in one repository does make it very useful to attackers. Users should always be wary of emails which appear to originate from LinkedIn or other social media networks, and rather than following links, navigate directly to the website to read any messages or to respond to notifications.”