Massive LinkedIn data leak affects nearly 70 percent accounts
What's the story
Private data belonging to a whopping 500 million LinkedIn users has been leaked. Leaked credentials include LinkedIn ID, email addresses, phone numbers, full names, and gender details. The security snafu comes hot on the heels of Facebook data leak which affected 533 million users. However, the LinkedIn leak is significantly worse because it affects approximately 70 percent of its userbase.
Free sample
Hacker releases 2 million user records as proof for buyers
The leaked data from the professional networking website has been shared on a hacker forum, but it isn't clear if it has been aggregated from a prior LinkedIn breach. The hacker selling the data has also released two million leaked records, so that potential buyers can verify its authenticity. The hacker demands a four-digit minimum payout (apparently in Bitcoins) to part with the bounty.
Assume the worst
There's a 7/10 chance that your data has been compromised
Cybernews has parsed 780,000 leaked records into its personal data leak checking tool, so you can check if your account is compromised. However, even if the tool shows you are safe, it could be among the 99.6 percent of leaked records that haven't been revealed yet. If you have a LinkedIn account, there's a 7 in 10 chance that your data has been compromised.
Data scraping
Hackers may have used same tactic employed in Facebook leak
The enterprising hacker is also allowing forum members to see if their accounts have been affected for $2 worth of forum credits. The hacker claims to have scraped the data off LinkedIn, in a strategy similar to what caused the Facebook leak. LinkedIn, however, denies a data breach, and claims this "is actually an aggregation of data from a number of websites and companies".
Risk assessment
How does this data leak affect you as LinkedIn user?
Once the data is sold, hackers can use it to carry out targeted phishing attacks, spam emails and phone numbers, gain entry to accounts using leaked credentials using brute force password cracking methods. Although the breach doesn't seem to have credit card details or sensitive legal data, hackers can use a combination of leaked information in conjunction with social engineering to compromise other accounts.
Security checklist
Here's how you safeguard yourself against impending risks
To ensure safety, it is wise to use the aforementioned leak checking tool to verify if you have been affected. But you should change the password of the affected LinkedIn email ID irrespective of that. Using two-factor authentication tools such as Google Authenticator or those offered by your account service provider go a long way. Finally, learn how to prevent impending phishing attempts.