Last Updated: April 29, 2021
Following Facebook’s recent data leak, LinkedIn has now found itself involved in a cyberattack incident. The attackers used a similar technique—“scraping” the data from the services. LinkedIn’s internal database wasn’t breached in the attack.
Luckily, the scraped data doesn’t include any sensitive information, such as Social Security numbers or credit card information, but it still represents a massive breach of 500 million users’ private data. The breach was discovered on an online hacker forum by CyberNews that verified its association with LinkedIn.
Another Huge Cyberattack Shakes the World of Social Media
Data scraping—or web scraping—uses bots to extract data and content from a website by extracting the HTML code. By doing this, the hackers can replicate this content in another location. However, data scraping doesn’t always have to be a shady and illegal practice. It’s also used by legitimate companies that rely on data harvesting. The situation is different in this case because this type of scraping violates LinkedIn’s Service Terms.
The positive thing in this negative situation is that the hackers didn’t get a hold of sensitive data. Still, the breach gave them access to users’ full names, phone numbers, email addresses, user IDs, job titles, and more. This information provides the hackers with a means to further their attacks by using it (especially full names and emails) for phishing attacks, identity theft, or more complex hacking attempts.
In a statement, LinkedIn revealed that the data was sourced from multiple websites and companies. The age of the stolen data is currently unclear.
Is Your Data Safe?
In 2019, LinkedIn fought a legal battle against HiQ, an analytics company, to prevent it from scraping its data. In a historic decision (for data scraping, that is), the US Court of Appeals denied LinkedIn’s request.
All data is publicly available, and, unfortunately, it is vulnerable to both legal and illegal data scraping. The “scrapers” are hard to locate since they usually use VPNs such as Surfshark, as well as other tools, to change their IP addresses.
As for protection from future data breaches, the users don’t have much power to protect their data—that’s the companies’ responsibility. LinkedIn still hasn’t come up with a statement on how it plans to prevent future data breaches.
As a user, what you can do to protect your data is to closely monitor your accounts, limit some apps’ access to your data, consider limiting the personal information you share online, and narrow down those who can view your social media accounts by making them private. If you are serious about identity theft protection, consider hiring a specialized company to do it for you.
If you want to find out whether your data was stolen in this breach and any similar future incidents, you can do so by visiting https://haveibeenpwned.com/.