If the leak of the personal information of 533 million Facebook users on a dark web forum wasn’t enough, detailed personal and professional information associated with 500 million LinkedIn profiles has been put up for sale on a popular dark web forum as well.
According to CyberNews, the massive chunk of LinkedIn profile information was allegedly scraped by hackers from LinkedIn itself and is stored in four files that have been put up for sale on a dark web forum for an undisclosed amount. To demonstrate that the data is genuine, hackers have leaked 2 million records as a proof-of-concept sample.
The compromised personal information includes users’ full names, email addresses, phone numbers, gender, links to LinkedIn profiles, LinkedIn IDs, links to other social media profiles, and professional titles and other work-related data. The massive data repository can enable opportunistic hackers to create detailed profiles of Internet users and carry out identity theft or targeted social engineering attacks.
“Particularly determined attackers can combine information found in the leaked files with other data breaches in order to create detailed profiles of their potential victims. With such information in hand, they can stage much more convincing phishing and social engineering attacks or even commit identity theft against the people whose information has been exposed on the hacker forum,” CyberNews said.
LinkedIn is yet to respond to the massive leak of user records, but this is the second time in a decade that the company has suffered a large-scale leak of user data records. The previous attack took place in 2012 when Yevgeniy Alexandrovich Nikulin, a Russian hacker, stole login information, including encrypted passwords, of over 117 million LinkedIn users.
After infiltrating the computer of a LinkedIn employee, Nikulin installed malware on the hijacked machine and used the employee’s stolen credentials to log in to LinkedIn’s corporate VPN. Once inside LinkedIn’s corporate network, Nikulin stole a database containing the login information, including encrypted passwords, of over 117 million LinkedIn users. He used a similar tactic to steal the login credentials of over 68 million Dropbox users as well as the credentials of an unknown number of Formspring users.
The LinkedIn data breach also compromised ‘private log-in details of 1,000 British MPs and parliamentary staff, 7,000 police employees, and more than 1,000 Foreign Office officials’ in the UK. In October last year, Nikulin was sentenced to 88 months in prison in the U.S., two years after he was arrested while traveling in the Czech Republic.