Data from around 500 million LinkedIn profiles has been posted for sale online, as the professional networking platform becomes the latest victim of a privacy leak.
Users’ IDs, email addresses, phone numbers, professional titles, genders, names and links to other social media profiles were being sold for a four-figure amount, cybersecurity news site CyberNews first reported.
The data being sold is already publicly available and is an aggregation of data from “a number of websites and companies”, LinkedIn said in a statement.
"This is not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we've been able to review," the company said.
How to check if your details are among the leak
To check if your data was included in the LinkedIn dataset, CyberNews has a portal through which concerned users can input their email to match it against those that were shared.
The scraping attempt comes just days after 533 million Facebook users details were also listed for sale.
“With your phone number, Facebook ID, Full name, location, past location, birthdate, email address, account creation date, relationship status and bio you are a target for social engineering, spam marketing and account takeovers,” security awareness advocate at security firm KnowBe4 Jacqueline Jayne said following the Facebook leak.
“This kind of information can be used in social engineering. Here, scammers can use this information to build a profile of you. They could look for additional publicly available information on LinkedIn or other social media apps and craft a very convincing email designed to trick you into believing something that is not true.”
She said it’s critical to understand just how much information users share about themselves online.
“There is a high chance that our online profiles are robust and full of information that can be used to trick and manipulate us.
“Stop and think before you act and stay safe out there.”
It’s also time to consider changing your password, vice-president of global cybersecurity firm Proofpoint Crispin Kerr said.
Research from Proofpoint found that 42 per cent of Australian working adults use the same password across multiple accounts, Kerr said, warning that this can make those users more vulnerable to phishing attacks.
“To minimise this risk, Australians should ensure they are using strong passwords, refrain from sharing passwords with others and change passwords regularly – at least twice a year. We also recommend utilising a password manager, to make managing multiple passwords easy and secure.”
He said Australians need to now be on guard against phishing attempts, which are likely to increase.
“Cyber criminals may utilise personal information that is now readily available online to appear legitimate or ask a user to verify their identity by clicking on a malicious link,” he said.
“These types of phishing attempts remain the most recurrent type of scam in Australia, and so individuals should always be wary of any communication whether that is in the form of email, text message, social media, or via a phone call, from someone they do not recognise.”
Cyber security breaches have been named by the World Economic Forum as the top global risk for 2021, while global CEOs have said it’s the main thing that they’re worried about over the next three years.