LinkedIn Data Breach: 500 million Users Data on sale online and 2 million records Leaked
500 million LinkedIn profiles are being offered for sale on a well-known hacker forum, and an additional 2 million records have been leaked as a sample.
Medusa
10 mins
Introduction
On October 4th, an anonymous threat actor allegedly scraped data from LinkedIn users. This data includes full names, email addresses, phone numbers, and workplace information.
On a hacker forum, users can view the leaked samples for roughly $2 in forum credits. However, the threat actor appears to be auctioning off a larger database of 500 million users for a minimum four-digit sum, likely in Bitcoin.
What Happened?
Following the developments on October 4th, the situation took another twist. More unauthorized individuals began attempting to leverage the leak. By the end of the week, a new party had offered a set of LinkedIn databases on the same hacker forum, demanding a payment of $7,000 in bitcoin.
This new participant claimed possession of both the original database comprising 500 million profiles and six additional databases. These supplementary databases allegedly held 327 million LinkedIn profiles, all acquired through data scraping.
There could potentially be 827 million scraped profiles, which exceeds LinkedIn's actual user count of over 740 million by more than 10%. This suggests that some, or possibly most, of the newly sold data by the threat actor could be duplicates or outdated information.
Impact
The leak of LinkedIn emails and passwords has enabled a Brute-Force Attack.
The exposure of personal information in the breach has now increased the risk of Identity Theft.
Cybercriminals can use the leaked data to conduct scams and phishing attacks, tricking individuals into revealing more sensitive information.
Both employers and employees on LinkedIn experience a significant loss of trust from customers and partners, which damages their reputation.
Misuse of the leaked LinkedIn profile contact information can lead to spamming of 500 million emails and phone numbers, enabling the sending of unsolicited messages and calls on a massive scale.
Method of Attack: Data Scraping
Data scraping is an automated process that involves extracting information from websites, databases, or any other data sources. It is a method that is widely used in the field of data analysis and web indexing. However, it can also be misused by malicious actors for various nefarious activities.
Attackers often employ bots or scripts to carry out data scraping. These bots or scripts are programmed to rapidly collect specific types of data. For instance, they might be set up to scrape email addresses or phone numbers from a website or to extract product data from an e-commerce site.
Moreover, the rate at which these bots or scripts can collect data is often unnaturally fast, far surpassing what a human could manually achieve. This is a major reason why data scraping poses such a significant threat.
It allows attackers to amass a large volume of data in a short period of time, which can then be used or sold for malicious purposes.
To counteract this, many websites and online platforms employ measures such as rate limiting to control the number of requests a user or system can make within a specific time frame. This can help protect against data scraping by limiting how quickly requests can be made to a server, and by making it difficult for scrapers to fetch data at an unnaturally fast pace.
Rate limiting is a preventive measure employed by developers and online platforms to control the number of requests a user or APIs can make within a specific time frame. Here's how rate limiting helps prevent data scraping:
Limits Request Frequency: Rate limiting sets a cap on how quickly requests can be made to a server. Scrapers often attempt to fetch a large volume of data rapidly. With rate limiting, if the requests exceed the allowed rate, the server can start delaying or denying further requests.
Deters Automated Scrapers: Scraping is often an automated process where bots send a high number of requests in a short time. Rate limiting makes it difficult for scrapers to fetch data at an unnaturally fast pace, discouraging automated scraping attempts.
Protects Server Resources: Data scraping can strain server resources, affecting the performance for legitimate users. Rate limiting ensures that server resources are distributed fairly and efficiently, preventing overload and maintaining a smooth user experience.
Enhances Security: By controlling the rate of incoming requests, rate limiting helps prevent denial-of-service attacks and protects against other forms of abuse. It adds a layer of security by mitigating the risk of unauthorized access and data extraction.
Want the best proactive API Security product?
Our customers love us for our proactive approach and world class API Security test templates. Try Akto's test library yourself in your testing playground. Play with the default test or add your own.
How users can protect themselves?
To prevent brute-forcing of credentials, users can follow these measures:
Use Strong Passwords: Opt for a complex password with a combination of uppercase and lowercase letters, numbers, and special characters. Avoid common words or phrases, and change your password regularly.
Two-factor Authentication (2FA): Enable 2FA whenever available. This adds an extra layer of security by requiring a second form of verification, such as a fingerprint, facial recognition, or a code sent to your phone.
Avoid Reusing Passwords: Using the same password across multiple accounts increases the risk of multiple accounts being compromised if one gets hacked. Use a unique password for each account.
Use a Password Manager: Password managers help to securely store complex passwords and auto-fill them when required, reducing the risk of brute-force attacks.
Be Aware of Phishing Attempts: Always check the source of emails and messages. If you receive a suspicious email asking for your credentials, do not click on any links or provide any information.
Key Measures to such Prevent Breaches in Organizations
Continuous Security testing: Continuously test your APIs for vulnerabilities before deploying in production. To find and mitigate vulnerabilities such as rate limiting, use API Security platforms such as Akto.
Implement Rate Limiting: As a developer, restrict the number of login attempts within a certain timeframe to prevent brute-force attacks.
Use Two-Factor Authentication: Implement two-factor authentication for an extra layer of security. This ensures that even if a hacker obtains a user's password, they would still need the second factor to access the account.
Encrypt Data: Encrypt sensitive user data both at rest and in transit to protect the data, making it unreadable without the encryption key, even if a breach occurs.
Conclusion
In conclusion, the LinkedIn data breach highlights the importance of strong cybersecurity measures. Both organizations and individuals must take steps to protect sensitive data, such as using strong passwords, enabling two-factor authentication, and security tools. As cyber threats continue to evolve, it's crucial to stay informed and vigilant to prevent potential breaches.
Keep reading
News
7 mins
March Product News: 98 New Tests, Dynamic wordlists, and more
This edition of Akto’s newsletter is packed with new features and tests that will greatly decrease your API Security testing time and increase targeted testing.
Product updates
5 mins
Detailed Errors on Postman and Swagger File Import
Akto now replays APIs to automatically get data during an import of Postman and Swagger files and transparently displays reasons why each specific API couldn't be replayed in the case of an error.
Product updates
5 mins
Added 98 New API Security Tests across 5 OWASP categories
Akto has introduced new tests across several categories including BOLA, Broken Authentication, Unrestricted Resource Consumption, BFLA, and SSRF that you can explore with Akto’s Test Editor.