• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
IdentityTheft.org

IdentityTheft.org

Identity Theft Protection, Statistics & Prevention

  • Protection
    • Cloud Backups
      • Best Cloud Backup Services
      • Backblaze Review and Pricing Plans
      • Carbonite Review and Pricing Plans
      • IDrive Review and Pricing Plans
    • Password Managers
      • Best Password Managers
      • LastPass Review and Pricing Plans
      • 1Password Review and Pricing Plans
      • Password Boss Review and Pricing Plans
      • Dashlane Review and Pricing Plans
      • Keeper Review and Pricing Plans
      • RoboForm Review and Pricing Plans
      • pCloud Review and Pricing Plans
    • Phone Number Lookup
      • Best Reverse Phone Lookup Services
      • RoboKiller Cost and Pricing Plans
    • People Search
      • Best People Search Services
      • Spokeo Cost and Pricing Plans
      • BeenVerified Cost and Pricing Plans
      • PeopleFinders Cost and Pricing Plans
      • DeleteMe Cost and Pricing Plans
    • Parental Control Software
      • Best Parental Control Software
      • Net Nanny Review and Pricing Plans
    • Credit Card Protection
  • Recovery
    • Credit Repair
      • Best Credit Repair Services
      • Credit Saint Review and Pricing Plans
      • Lexington Law Review and Pricing Plans
      • Sky Blue Review and Pricing Plans
      • Ovation Credit Repair Cost and Pricing Plans
      • Credit Repair Hotlines
    • Data Recovery
      • Best Data Recovery Services
      • Disk Drill Review and Pricing Plans
      • Stellar Data Recovery Cost and Pricing
      • EaseUS Review and Pricing Plans
      • Recoverit Review and Pricing
      • Ontrack Data Recovery Cost and Pricing
  • Report Identity Theft

The LinkedIn Data Breaches: What to Do and Who Was Affected

LinkedIn has been subjected to several breaches in the previous year of 2021.

The first data scraping took place in April 2021, right after the news of the Facebook Breach was making rounds all over the internet. The data scraped came from 500 million LinkedIn profiles.

The hacker put the data for sale on a hidden underground forum. Besides the 500 million, another 2 million records were also leaked by the same actor.

The second data scraping activity took place on June 22. The data was collected from the accounts of 700 million users, and a sample of 1 million records was also posted on Radio Forums, a well-known hacking forum. The sample released held data for the year 2020-2021.

This collection was also making rounds all over Telegram in the form of torrent files. These 700 million users make up about 92% of LinkedIn users, which is quite a considerable percentage.

An Inside Look at the Breach of LinkedIn

The first data breach incident included the threat actor having access to the user’s LinkedIn IDs, email addresses, phone numbers, full names, genders, links to other social media profiles, LinkedIn profile URLs, professional titles, and other work-related information.

The data scraping on June 22, 2021, was done by a seller going by the name of TomLiner who was a “God User” on an underground market. They claimed to have held possession of 700 million records and went on to publish some in order to prove their claims.

The actor further stated that the data was accessed through LinkedIn’s Application Programming Interface (API). This was the same method that was used previously in the April breach.

The data was made up of Full Names of the users, LinkedIn IDs, job history, email addresses, phone numbers, LinkedIn profile URLs, etc. Confidential location information was also breached in the second attack. All of this personal data could be easily used to assume someone’s identity.

All of this information, including the location information, salaries, and personal phone numbers, were also put up for sale on the dark web for only $5,000.

What’s There to Worry About?

In both breaches, the data that was accessed was information already present on the internet. However, the information scraped like a person’s email address and real-life name could be enough to dig out more information about them.

This could be used against many high-profile executives working for LinkedIn or against those that are operating in sensitive areas like financial or security industries.

With such personal information available on the internet for purchase, the affected users could experience identity theft or other spam activities.

Moreover, email and telephone scams could be used to lure users into giving out personal financial information about themselves, or they could be tricked into transferring large amounts of money. The leaks didn’t contain the email address of every user making the scraping of data less valuable to an extent.

Suppose you find yourself on the other side, with your credentials scraped by the hackers. In that case, it is recommended to make a swift change to your passwords for your email address, LinkedIn account, other online accounts, and set up two-factor authentication to help you be less vulnerable to any future breaches.

It is always better to use encrypted email addresses, password managers, and antivirus software. Taking all these steps will make you less prone to any harmful attacks.

What did LinkedIn Have to Say?

When the year’s first breach took place, LinkedIn was defensive about the whole scenario. It said that the data was not a LinkedIn data breach, and there is no evidence that the private information of LinkedIn users has been leaked.

At the time of the second breach, LinkedIn drafted out a statement stating “the data that was posted online for sale didn’t contain information from LinkedIn accounts only.

The data was accumulated from a set of websites/companies”. Furthermore it stated, “when any breach or data scraping occurs that puts out users’ personal information at risk, we work quickly and effectively to stop these threat actors and make sure they are held accountable”.

The Final Verdict

It is no lie that anyone could have accessed the data sold on underground forums, and it’s wrong to put all the blame on LinkedIn.

The information scraped from LinkedIn was always up for public viewing; hence, the company cannot control it.

Nonetheless, the data breaches of Facebook, T-Mobile, and Instagram indicate that such hacking cases are more common than ever, and it’s time that LinkedIn also needs to strengthen its security services.

Primary Sidebar

Copyright National Council on Identity Theft Protection© 2023

Identitytheft.org is a privately owned website and is not owned or operated by any state or government agency. The government operated website can be found at Identitytheft.gov. We may receive a payment, commission, or affiliate compensation in connection with any purchase you make of products or services featured on our site. These commissions help us to operate Identitytheft.org.

  • About Us
  • Digital Safety Tools
  • Research
  • Privacy Policy
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie SettingsAccept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT