in , , , , ,

Details On 700 Million LinkedIn Users For Sale On Notorious Hacking Forum

Just two months ago, LinkedIn found itself facing a government probe after data on 500 million of its users was scraped and posted online. Now it’s happened again. This time a whopping 700 million users have been impacted.

A user on RaidForums put the data up for sale late last week. It was spotted by the news site Privacy Sharks, who contacted LinkedIn after verifying a 1 million record sample offered by the seller.

So where did the data come from? Was it obtained during a breach? Did someone discover a misconfigured database that left all 700 million records exposed for anyone who happened to stumble across it to download?

LinkedIn contends it was none of the above.

In a statement the company reported that “this was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed.” LinkedIn is still investigating but added “initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources.”

If that explanation sounds familiar, it’s because it was published after a similar event just two months ago.

Data of some 500 million LinkedIn users was “leaked” in a similar way back in April. LinkedIn maintained that all of the data was publicly available and was likely the result of data scraping and the compilation of information from a number of different websites.

Regardless of how the data wound up in the hands of a seller on one of the most notorious data marketplaces around, it’s still a potentially huge problem for the 700 million people whose details are included.

When you publish information about yourself online, the reality is that it’s out there for anyone who happens upon it to read, download, store and analyze. The only thing standing in the way is a site’s terms of service.

LinkedIn notes that its ToS does expressly prohibit data scraping and the company has shown a willingness to litigate — most notably against the “data analytics” startup hiQ.

The 9th US Circuit Court of Appeals ruled data scraping was legal in 2019. LinkedIn pushed the case all the way to The Supreme Court, which earlier this month threw out the lower court’s original ruling.

LinkedIn will now have another chance to plead its case in the 9th Circuit.

What do you think?

Some State Governments Are Banning Businesses From Asking Customers About Covid-19 Vaccination Status — Why That’s A Bad Idea

When agile meets hybrid work: 4 must-do’s for leaders