TomLiner, an unknown hacker that last week put up for sale a huge Facebook database, now scraped data of millions of LinkedIn profiles and sells it for a XXXX figure.
The massive database of stolen data contains IDs, names, phone numbers, email addresses and more. The whole set contains 500 million user records.
CyberNews researchers first reported the leak yesterday. They found the database posted on a forum popular with hackers by a user that goes by the username TomLiner asking for a “four-digit $$$$ minimum price” for access to the full database.
This is most likely the same user that last week, posted for sale 533 million records of Facebook users, judging by the avatar and username in both posts.
To prove they have the data, the leaker posted a sample with two million records that users on the forum can review for $2 worth of forum credits.
CyberNews researchers confirmed the data in the sample indeed belonged to LinkedIn users, but added that “it’s unclear whether the threat actor is selling up-to-date LinkedIn profiles, or if the data has been taken or aggregated from a previous breach suffered by LinkedIn or other companies.”
The sample contained mostly professional information, such as LinkedIn IDs, full names, email addresses, phone numbers, user gender, professional titles, links to LinkedIn profiles, links to other connected social media profiles, and other work-related data. The leaked data doesn’t appear to contain any credit card or financial information or passwords.
But even the data that did leak can lead to phishing, social engineering attacks, and identity theft.
“Particularly determined attackers can combine information found in the leaked files with other data breaches in order to create detailed profiles of their potential victims. With such information in hand, they can stage much more convincing phishing and social engineering attacks or even commit identity theft,” CyberNews said.