Almost All LinkedIn Users' Data Has Been Scraped and Is Up for Sale on the Dark Web

700 Million LinkedIn users' personal details were posted for sale earlier this month, putting 92% of their userbase at risk of social engineering and spear phishing attacks.

Hacker TomLiner put up a post last week on the dark web offering 700 Million LinkedIn records. Listed as a “GOD User”, TomLiner is no doubt active and well-known in that online community.

Source: LinkedIn

The data includes a number of details about each user, including:

  • Email addresses
  • Full names
  • Phone numbers
  • Physical addresses
  • Geolocation records
  • LinkedIn username and profile URL
  • Personal and professional experience/background
  • Genders
  • Other social media account usernames

What makes this so dangerous is that it aids the spear phishing research cybercriminals already do as part of Business Email Compromise attacks. In many ways, these details make the job easier. The more legitimate a BEC phishing email can be made to look using actual details, the more likely the scam will be successful.

According to LinkedIn, this isn’t technically a breach, since no private information was stolen. Instead, they claim it’s an aggregate of the 500 Million records stolen in April and data from other sites.

Even so, knowing that cybercriminals can arm themselves with impactful details familiar to the potential victim, you should be looking for ways to empower users to recognize when they’re being targeted. Security Awareness Training is one of the most effective ways, as it opens the user’s eyes to how the bad guys try to trick them, teaching them to be vigilant, even when emails appear legitimate.

Don’t get hacked by social media phishing attacks!

Many of your users are active on Facebook, LinkedIn, and Twitter. Cybercriminals use these platforms to scrape profile information of your users and organization to create targeted spear phishing campaigns in an attempt to hijack accounts, damage your organization's reputation, or gain access to your network.

KnowBe4’s Social Media Phishing Test is a complimentary IT security tool that helps you identify which users in your organization are vulnerable to these types of phishing attacks that could put your users and organization at risk.

Here's how the Social Media Phishing Test works:

  • Immediately start your test with your choice of three social media phishing templates
  • Choose the corresponding landing page your users see after they click
  • Show users which red flags they missed or send them to a fake login page
  • Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered
