LinkedIn data from 92 percent of users for sale on dark web for just $5000

Cybersecurity site recommends changing passwords in light of latest data scrape.
Cybersecurity site recommends changing passwords in light of latest data scrape. Photo credit: Getty Images

Just two months after 500 million LinkedIn accounts were scraped for data and put up for sale on a popular hacker forum, data from 700 million users is now available on the dark web.

That total represents around 92 percent of the reported 756 million total users of the professional networking site.

Privacy Sharks, a cybersecurity website, was the first to identify that new data records had been put up for sale.

Researchers viewed a sample of one million records the seller provided to prove their existence, and confirmed full names, gender, email addresses, geolocation records, inferred salaries and more were included.

RestorePrivacy, an online privacy resource centre, also analysed and cross-checked the data and came to the conclusion it was authentic and related to real users, as well as being up to date.

RestorePrivacy reached out to the user directly, who wanted US$5000 for the complete data set and confirmed they had done it by abusing LinkedIn's API, a piece of software that allows applications to talk to each other.

"While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources," a spokesperson for LinkedIn told Privacy Sharks.

"This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members' privacy is protected."

Privacy Sharks recommends LinkedIn users update their password for the site in light of the latest data scrape.

And they warned the apparent lack of credit card details and private messages in the data doesn't mean there's no threat to users.

"Expert hackers may still be able to track down sensitive data through just an email address," it said.

"LinkedIn users could also be on the receiving end of email or telephone scams that trick them into sharing sensitive credentials or transferring large amounts of money.

"Brute force attacks are also something that LinkedIn users affected by the leak will need to be aware of. Using email addresses provided in the records, hackers may attempt to access users' accounts using various combinations of common password characters."