Cyprus Mail
Tech & Science

500 million LinkedIn users affected by data scrape

tech and science linkedin story july

The private information of around half a billion LinkedIn users has been published online for sale as part of a database file.

“An archive containing data purportedly scraped from 500 million LinkedIn profiles has been put for sale on a popular hacker forum, with another 2 million records leaked as a proof-of-concept sample by the post author,” website Cyber News reported.

According to LinkedIn, the database containing user data was posted on a website known for its popularity among hackers and other online malicious entities. LinkedIn denied the allegations of a full-on data breach taking place, instead clarifying that some of the data scraped and put for sale is public and viewable by other LinkedIn users.

“We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies,” LinkedIn said.

“It does include publicly viewable member profile data that appears to have been scraped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review,” the company added.

While this makes the data scrape seem more benign, it is hardly an innocent act of ‘data aggregation’. Details such as names, emails, job profession and location are among a category of data called ‘personally identifiable information’, something which is of great use to hackers and online scammers.

But what exactly is personally identifiable information and why would hackers want it?

Under the European Union’s Data Protection Directive, which has been in effect since 1995, before its full implementation three years later, personal data includes everything that can be used to identify any one person in real life. This includes their passport or ID number, physical descriptors, social or cultural descriptors, and more.

Moreover, the directive specifies that it solely “applies to data processed by automated means (e.g. a computer database of customers) and data contained in or intended to be part of non-automated filing systems (traditional paper files).” What this means in effect, is that data processed by a human being in a personal or household context does not fall under this legal framework.

Hackers can use personally identifiable information to fine-tune phishing attacks and extort their victims for large amounts of money. The more personal information hackers have about a user the more realistic they can present their phishing emails or messages appear, raising the probability that an individual is duped and falls into their trap.

Follow the Cyprus Mail on Google News

Related Posts

EU lawmakers ratify political deal on artificial intelligence rules

Reuters News Service

France cuts EV subsidy for higher-income buyers

Reuters News Service

Google enables OS upgrades for older PCs post-Windows 10 support cutoff

Reuters News Service

AI firms surge after chip giant Nvidia discloses stake

Reuters News Service

Sony slashes PS5 sales target, plans 2025 IPO for financial unit

Reuters News Service

Cyprus to host Google-backed accelerator, in boost to gaming and tech startups

Kyriacos Nicolaou