If a now exposed password has also been used on other sites, that access is now compromised as well. The response makes no acknowledgement, however, that password re-use may compound the severity of the breach. LinkedIn has acknowledged the news and has taken steps to invalidate credentials for all accounts that have not yet reset their passwords since the data breach occurred, reminding all users that changing passwords frequently is a recommended security practice, as well as recommending that users consider two-factor authentication. The breach was originally thought to have affected almost 6.5 million accounts, but security researchers have now discovered a much larger data dump, containing 117 million login credentials, offered for sale on the dark web. Head to the official website and look for notifications.Last week, news sources reported that the data breach that occurred at LinkedIn in 2012 was actually much, much larger than original thought. Since the data leak has already made headlines, threat actors might try to send out phishing emails that urge you to access a fake link to make modifications to your account or change the password.ĭon”t click on suspicious links you might receive in your Inbox. Even if account passwords have not been exposed, it”s never a bad idea to change the password for online accounts and enable two-factor authentication. The best way to protect your account and professional identity is to keep an eye out for suspicious and unsolicited communications you may receive via email, text message, or the LinkedIn chat feature. “When anyone tries to take member data and use it for purposes LinkedIn and our members haven”t agreed to, we work to stop them and hold them accountable.”Īlthough no sensitive or financial data was included in the leaked files, the information can be exploited by scammers and threat actors to conduct targeted phishing and smishing attacks or even brute-force the password to take over accounts. “Any misuse of our members” data, such as scraping, violates LinkedIn terms of service,” LinkedIn added. The online service has also made it clear that any misuse of user data, including web-scraping techniques, clearly violate the platform”s terms of services: This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we”ve been able to review.” “It does include publicly viewable member profile data that appears to have been scraped from LinkedIn. “We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies,” the notification reads. LinkedIn also confirmed the claims provided by the threat actor in a recent Corporate Communications message: The archive contains allegedly scraped user profile information from LinkedIn and is not part of a new data breach. Any prospective buyer can go through the data for a $2 payment in forum credit.Ĭheck if your personal info has been stolen or made public on the internet with Bitdefender”s Digital Identity Protection tool.Īccording to Cybernews researchers who analyzed the samples, the data includes a combo of LinkedIn profiles and associated info, such as user IDs, full names, email addresses, phone numbers, gender, professional titles, job-related descriptions, profile and social media profile links. To entice buyers, he even provided a leaked sample containing the information of 2 million LinkedIn users. The database was auctioned for a four-digit sum (minimum), according to the cyber thief who advertised the trove of user information. Fact: Half a billion LinkedIn users are in for an unpleasant surprise, as scraped datasets of their profile information are up for sale right now on an underground forum.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |