
700 Million LinkedIn Users’ Data Posted For Sale Online


A massive data breach has resulted in the data from 700 million LinkedIn accounts being shared online for sale. 


Cybersecurity researchers have discovered that 700 million LinkedIn users’ data has been posted for sale online. 


Advertised on the popular cybercriminal website RaidForums, the data includes full names, genders, email addresses, phone numbers and industry information for hundreds of millions of users, making it an even more serious security breach than a similar incident back in April of this year.


How Did Hackers Steal This Data?


It is unclear how the hacker in question obtained this data, but cybersecurity experts believe it may be the result of “data scraping”. This is a process in which a hacker siphons public information from the Internet and packages hundreds of thousands or millions of users’ info together for sale.


According to LinkedIn, there have been no recent breaches of their network that could have led to this incident:


“We want to be clear that this is not a data breach and no private LinkedIn member data was exposed. Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update.”


The good news is that data scraping doesn’t give cybercriminals access to passwords, credit card info, or other protected types of sensitive data. Unfortunately, however, the right buyer could use this data to target and harass users with spam and subsequent hacking attempts. A data set this large, including names and emails, would be a very effective foundation for a massive phishing campaign.


What Does This Breach Mean For You?


This is yet another reminder of why cybersecurity training and awareness are so important. The fact is that data scraping incidents and subsequent sales are commonplace (but rarely at this scale). This is how hackers get your contact info and target you in social engineering scams.


Social engineering uses manipulation and deception to target individuals with the goal of getting them to give up sensitive information, or complete a task that benefits the hacker's end goal.


Here are a few best practices to mitigate the risk of social engineering:


  • Proper Password Management: Make password security a top priority, and enforce individual accountability for the safety of all end-user accounts.

  • Two-factor Authentication: Use secondary confirmation methods in addition to passwords to add an extra layer of protection to accounts and devices.

  • Endpoint Protection/Anti-Phishing Defences: While these precautions can't make up for a lack of diligence on your employees' part, they're a good place to start and a necessity for basic cybersecurity.

  • Standard Protocols For Requests: Have set steps in place for management to follow when asking for information or access from employees. If your employees have a clear idea of how these interactions should look, they're less likely to be fooled by a hacker posing as their supervisor.


Above all, it's important to build and maintain a culture of awareness. Make sure you have the knowledge and tools needed to spot a potential threat — that way, you'll be making it that much harder for a hacker to compromise your security. 


