Online privacy firm alleges data breach of 700 mn LinkedIn users, co denies

Breach was reported by RestorePrivacy, according to whose website, the user of a popular hacker forum advertised data from 700 million LinkedIn users for sale on June 22

LinkedIn has suffered a massive data breach, allegedly affecting 700 million users, but the company has denied any private data was exposed.

The breach was reported by RestorePrivacy, an online portal focused on online privacy and security related news. According to the website, a user of a popular hacker forum advertised data from 700 million LinkedIn users for sale on June 22.

The user of the forum posted a sample of the data that includes 1 million LinkedIn users, which includes data such as email addresses, full names, phone numbers, physical addresses, geolocation records, LinkedIn username and profile URL and other information.

In a post on its website on Tuesday, LinkedIn said, "Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach and no private LinkedIn member data was exposed. Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update."

Scraping is essentially the process of using an application to extract valuable information from a website.

In contact scraping, which is what happened at LinkedIn in April, the entity responsible has possibly scraped locations like an online employee directory. By doing so, a scraper is able to aggregate contact details for bulk mailing lists, robo calls, or malicious social engineering attempts. This is one of the primary methods both spammers and scammers use to find new targets.

"Members trust LinkedIn with their data, and any misuse of our members’ data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable," LinkedIn said in its statement.

LinkedIn had a user base of 71 million in India in 2019, its second highest.

"Data shared online by users on various applications is as vulnerable as the application they are using. Any vulnerability of the application or its API, may lead to breach of your data. Users should observe a zero trust policy and do not share any confidential data on any public platforms. Enable 2FA and change passwords regularly. Do not accept connections who are not known to you and limit the information that you share with your connections too. It is our data and hence we need to take extra steps to keep our data secure," said Sonit Jain, CEO of GajShield Infotech.