It’s déjà vu for LinkedIn as the site is experiencing its second mass data breach this year which reportedly affected around 700 million users.
The data in the leak compromises about 92 percent of the site’s users and the breach data includes users’ full name, username/profile URL, genders, email, street addresses, phone numbers, social media accounts, salaries and geolocation records. The user who breached LinkedIn is reportedly putting the leaked data up for sale on the dark web, which has posted up a sample of 1 million users.
“Our teams have investigated a set of alleged data that has been posted for sale. We want to be clear that this is not a data breach and no private member data was exposed,” LinkedIn said in a statement. “Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update.”
A recent report from RestorePrivacy has confirmed that the ‘up for sale’ data “is both genuine and up-to-date” which dates from 2020 to 2021. The report goes on to mention that the hacker got their hands on the data by exploiting the API which allowed them to gather the information that people upload to the site. While no passwords were leaked, the data itself is still valuable.
“Members trust LinkedIn with their data, and any misuse of our members’ data, such as scraping, violates [our] terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable,” LinkedIn said.
Like previously mentioned, this is the second data breach for the site this year. Back in April, data of around 500 million users was breached through a very similar method earlier that month.