500 million LinkedIn profiles for sale on the web

Hacker’s Dictionary. An alleged hacker has sold the personal and professional data of almost all users of the Microsoft platform. With that data, 21 million Italian users are at risk of being scammed

by ARTURO DI CORINTO

Hacker’s Dictionary, Arturo Di Corinto

An entire archive of data from LinkedIn is for sale on the usual hacker forum. This is 500 million profiles out of 600 million subscribers to the popular Microsoft social network. The seller, to prove that they have it, allows you to download a part, 2 million, divided into four separate files, at a price of 2 dollars. Personal data and work information together.

The confirmation comes from Pierguido Iezzi of Swascan: “They asked us 1500 euros for the whole database, but obviously we have no intention of buying it, it’s illegal”.

The fact follows within days of a similar announcement concerning data stolen from Facebook in 2019 and bounced in the Easter newspapers due to the alarm that resulted in the renewed availability of 533 million phone numbers stolen from the Zuckerberg platform.

In both cases it would not be a question of a databreach, that is a violation of the platforms carried out with a real cyber-attack, but of a collection activity via the web of this data called “web data scraping” (automated extraction of data web).

LinkedIn’s data is more interesting than Facebook’s from a business point of view as Nicola Bernardi of FederPrivacy noted. “The fear now is that a large part of the 21 million Italian users is also involved in this maxi violation, in which the stolen information would include usernames, names, email addresses, telephone numbers, gender, connections to others LinkedIn profiles and those of other social media, as well as professional titles and other information relating to their activities that users generally upload to their profile “.

All this raises a reputational problem. According to a study conducted by Kaspersky globally, more than half of Italians (58%) are wary of online services that suffer a breach or data breach. Distrust increases if the online service misuses data. 65% of Italians said they would stop using the provider’s services for fear that their information could be sold to third parties.

Considering that the personal data of one in twenty respondents (5%) has been inappropriately shared by third parties — resulting in the disclosure of sensitive personal data (45%) or loss of money (50%) — the problem for companies is serious .

To our request for comment, LinkedIn responded: “Scraping member data on LinkedIn violates our terms of service, and we are constantly working to protect our members and their data.”

But according to Iezzi “We shouldn’t be surprised by the volume of data collected. It is actually the same data that each of us can manually access when we go to visit the profile of an acquaintance, customer, employee or supplier. What is worrying is that a simple Google query is enough to find numerous applications aimed precisely at LinkedIn scraping, whose protection systems have obviously not been effective “.

In January we wrote about the error in configuring a database by the company SocialArks which revealed 318 million records collected by Facebook, Instagram and LinkedIn, 400 GB of public and private profiles, related to 214 million social media users from around the world, including personal details from celebrities and influencers. Data that users kept private.
SocialArks is a Chinese social media marketing company. How did you get this data? Through a data scraping process.

Teacher, journalist, hacktivist. Privacy advocate, copyright critic, free software fan, cybersecurity curious.