Within two months of a major data breach of LinkedIn users, the personal details of LinkedIn subscribers have once again been compromised. Although executives at LinkedIn have denied any data breach, the company has investigated allegations that the data was posted for sale on the dark web.
Last week, the hacker TomLiner published a post on the dark web offering 700 million LinkedIn records. TomLiner, who is listed as a “GOD User,” is undoubtedly active and well-known in that online group.
Each user’s data comprises the following information:
- Email addresses
- Full names
- Phone numbers
- Physical addresses
- Geolocation records
- LinkedIn username and profile URL
- Personal and professional experience/background
- Other social media account usernames
What makes this so hazardous is that it helps crooks with the spear phishing they already perform as part of Business Email Compromise (BEC) attacks. Having this data makes that task easier in many ways. The more realistic a BEC phishing email can be made to appear by leveraging real information, the more likely the con will succeed.
According to LinkedIn, no sensitive information was collected, so this isn’t really a breach. Instead, they claim it’s a combination of 500 million records stolen in April and data from other websites.
Even so, individuals need to be educated to recognise when they’re being targeted, as data thieves can arm themselves with their victims’ personal data and use it against them. One of the most effective methods is security awareness training, which teaches users how bad guys try to deceive them and trains them to be cautious even when emails seem to be legitimate.
Many of us continue to engage on social media platforms such as Facebook, LinkedIn, and Twitter, and data thieves have utilised these platforms to scrape our profile information and construct targeted spear phishing campaigns in an attempt to hijack accounts, ruin company reputations and gain network access.
How can you protect your data?
Make sure your apps’ safety, security, and privacy settings are correct. Create a strong password and update it on a regular basis. Wherever possible, activate two-factor authentication (2FA). Do not accept invitations from someone you do not know. There are also sites like “Have I Been Pwned,” which inform users whether their email address has been compromised as part of a data breach.