In what appears to be a massive data breach, the personal information of around 700 million LinkedIn users has been leaked on a hacker forum. The data breach exposed phone numbers, physical addresses, geolocation data, and inferred salaries. However, the leaked profile information doesn’t contain sensitive information like credit card details or legal documents.
While the threat actor claims that he’s scrapped data from LinkedIn, Microsoft refuses to call it a data breach and says that it “is actually an aggregation of data from a number of websites and companies.”
Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach and no private LinkedIn member data was exposed. Our initial investigation has found that this data was scraped from LinkedIn and other various websites. Members trust LinkedIn with their data, and any misuse of our members’ data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable.
The hacker has made a sample of around 1 million addresses available for hackers who want to test the data collection.
If you’re a LinkedIn user, it’s probably the best time to change your LinkedIn password. And this time around, try a strong password! Also, don’t forget to enable two-factor authentication on your online accounts.