After 500 million LinkedIn users were affected by a data-scraping incident in April, and now another 700 million people have been affected in a new incident.
A hacker calling himself “GOD User TomLiner” posted on a forum a collection of 700 million LinkedIn records. The post was first reported by analysts from Privacy Sharks. The records were allegedly stolen from the social network by hackers.
An advertisement on RaidForums posted on June 22 claimed that the collection had 700 million records. The seller posted a sample of 1 million records as “proof.”
Operators of Privacy Sharks, a website dedicated to online safety and privacy, said that they analyzed the free sample and it included full names, email addresses, gender, phone numbers, and industry information.
The data was likely collected from LinkedIn by scraping, a technique where a computer program extracts data from human-readable output coming from another program or website.
As previously, LinkedIn says there was no breach of its networks this time either:
“While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources,” according to the company’s press statement. “This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.”
There are about 200 million more records in the new collection, and researchers suggest that it is possible new data has been scraped and added to the previous 500 Gb collection.
The good news is that the breach did not include highly sensitive information such as credit card data and private messages.
“The leaked information poses a threat to affected LinkedIn users,” according to Privacy Sharks. “With details such as email addresses and phone numbers made available to buyers online, LinkedIn individuals could become the target of spam campaigns, or worse still, victims of identity theft.”