A recent media report suggests that data of over 700 million users have been leaked online and put for sale by a hacker. This is a huge number, which accounts for over 92% of the total LinkedIn users. According to Privacy Sharks, the data contained personal details of LinkedIn users, including phone numbers, physical addresses, geolocation data, and inferred salaries. The hacker had first posted a sample of data for one million users on June 22.
However, LinkedIn denied accepting a data leak. "Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach, and no private LinkedIn member data was exposed. Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update," LinkedIn said.
The leaked dataset does not include passwords, but the information is still very valuable and could amount to identity theft or phishing attempts. The hacker got hold of the data by exploiting the LinkedIn API. The vulnerability allowed the hacker to harvest the information that people upload to the site.
This is the second such breach of its kind. Earlier in April, data of around 500 million was stolen through the very same vulnerability from LinkedIn. At the time, LinkedIn acknowledged the data breach. After this incident, it is better to change the password and enable two-factor authentication (2FA) if possible.