LinkedIn data scrape exposes 700 million users’ data

A massive LinkedIn leak reportedly exposed data of 700 million users, making it the second large data dump following a similar episode just months earlier.

More than 92% of LinkedIn’s 756 million users’ information is now available for purchase on the dark web, including phone numbers, addresses, geolocation data, and inferred salaries, according to PrivacySharks.

LinkedIn calls it ‘data scraping’

While the report calls the hacking a “data breach,” LinkedIn denied that in a statement posted to its website.

“We want to be clear that this is not a data breach and no private LinkedIn member data was exposed,” the company said in a statement on June 29. “Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update.”

Data scraping is extracting information from a website. It’s usually used to compile valuable information from a website that companies do not want to be downloaded or reused.

How it happened

The hacker behind the leak reportedly gained access through LinkedIn’s API, or application programming interface, a software intermediary that allows two applications to work together.

It was the same method used in the breach back in April, which included information like LinkedIn IDs, full names, email addresses, phone numbers, genders, links to profiles and other social media, as well as professional titles and work-related data, according to CyberNews.

In late June, someone claiming to be the hacker announced the stunt on a forum where they offered to sell the data of 700 million users, according to RestorePrivacy, which verified a sample of the data. The outlet reported that the data appeared to be authentic and tied to real users. Additionally, they spoke directly to the person claiming to be behind the plot, who asked for $5,000 for the complete set of data.

Although no passwords are included in the leak, 9to5Mac said the information is still valuable because it can be used for identity theft and help phishing attempts, which in turn can be used to gain your credentials for other websites.