Hackers have sold data from over 500 million LinkedIn users online on illegal forum sites. The second major data breach incident, which occurred right after a similar incident involving Facebook, took place on LinkedIn.
Among the published data of LinkedIn users; user IDs, full names, e-mail addresses, phone numbers, professional titles and other work-related data. It has been determined that an archive file containing the data of approximately 500 million accounts on the LinkedIn platform was put up for sale in an illegal forum of cyber threat actors. The hackers submitted the data of 2 million users to prove the accuracy of the data in an illegal online forum. When the researchers looked at the samples on the illegal forum, they discovered the relevant set of data and confirmed that the data was associated with LinkedIn user accounts. However, it remains unclear whether the attackers were selling updated LinkedIn profiles, whether the data resulted from a previous breach by LinkedIn or other companies.
Sızan verilere bir örnek:
While the data obtained does not contain sensitive information such as credit card information or social security numbers, it does contain data that could help cyber attackers attempt social engineering attacks. For example; Hackers send fake emails to users with data such as email addresses and phone numbers that look real but contain links to malicious websites. Therefore, users are exposed to phishing attacks.
It has been reported that the leaked data can be used by attackers in various ways, such as phishing attacks on LinkedIn users, spamming 500 million email and phone numbers, and cracking the passwords of LinkedIn accounts and email addresses.
Cyberarts information security team, in order to prevent users from being exposed to such a cyber attack; recommends that they beware of suspicious messages, e-mails and connection requests from people they do not know, change the passwords of their e-mail accounts connected to LinkedIn, and enable two-factor authentication (2FA) on all online accounts used.
Source:
To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.