Hackers scraped data from 500 million LinkedIn users – about two-thirds of the platform’s userbase – and have posted it for sale online

Linkedin cybersecurity
  • Personal data from 500 million LinkedIn users has been scraped and is reportedly for sale on a hacking forum.
  • LinkedIn said it’s investigating and confirmed that the dataset includes scraped data from its site.
  • The news comes after personal data from 533 million Facebook users was found to be exposed.
  • See more stories on Insider’s business page.

Data from 500 million LinkedIn users has been scraped and is for sale online, according to a report from Cyber News. A LinkedIn spokesperson confirmed to Insider that there is a dataset of public information that was scraped from the platform.

“While we’re still investigating this issue, the posted dataset appears to include publicly viewable information that was scraped from LinkedIn combined with data aggregated from other websites or companies,” a LinkedIn spokesperson told Insider in a statement. “Scraping our members’ data from LinkedIn violates our terms of service and we are constantly working to protect our members and their data.”

LinkedIn has 740 million users, according to its website, so the reported data scraping of 500 million users means about two-thirds of the platform’s user base could be affected.

The data includes account IDs, full names, email addresses, phone numbers, workplace information, genders, and links to other social media accounts.

Read more: 
Hacked companies are paying off ransomware gangs, the criminals are reinvesting the profits in making bigger and bolder attacks, and there’s no end in sight

It’s been posted for sale on a hacker forum, and the post’s author also leaked a sample of 2 million records as a proof-of-concept, according to CyberNews. The hacker is attempting to sell the trove of data for a 4-digit sum, per the outlet, and potentially in the form of bitcoin.

CyberNews researchers confirmed that the data was scraped from LinkedIn users but noted that the information could have been taken from the profiles at a previous date rather than recently.

Paul Prudhomme, an analyst at security intelligence company IntSights, told Insider that the exposed data is significant because bad actors could use it to attack companies through their employees’ information.

“Such attacks may be more likely to succeed due to the rise of remote work and the increased use of home or personal devices for work due to the COVID-19 pandemic,” Prudhomme said. “Attacking companies via their employees’ personal accounts and devices is one way for attackers to work around enterprise network security defenses.”

The report comes soon after data from Facebook was also exposed on the web. Insider’s Aaron Holmes reported last weekend that the personal data, including full names, locations, and email addresses, was posted in a hacking forum. A Facebook spokesperson said the data was scraped due to a vulnerability that the company addressed in 2019.

Security researchers told Insider that hackers could use the exposed data to impersonate them or scam them into revealing sensitive login information.