Suddenly this week, huge collections of data are being sold on the dark web from social media breaches. Another in the lineup is 500 million LinkedIn users’ accounts for sale on the dark web. The hacker posted 2 million records as proof of the cache.
What is Going On?
Short on the heels of the Facebook data breach leak earlier this week, this time it’s LinkedIn. Purportedly 500 million LinkedIn users’ profile data is available online from a dark web hacker. They posted 2 million of the records as proof to get buyers to make bids.
The dark web author claims to have four files with scraped information from LinkedIn profiles, including names, email addresses, phone numbers, workplace details, and other information.
Anyone willing to pay $2 (in forum credits) can view the sample of leaked data, but the hacker is looking for bids in the 4-digit region to sell the entire treasure trove. Typically, these sums must be paid in Bitcoin to avoid detection.
Cyber News claims that the data is legitimate, and they tested the sample. However, it is not yet clear if the data comes from old data breaches or a brand-new attack with current information.
They contacted LinkedIn for comment and then to confirm that there was a new data breach, but LinkedIn has not yet replied. If it is, users will need to be notified as soon as possible.
What is LinkedIn, and Why is it a Good Target?
LinkedIn is one of the many social media platforms online where people connect. However, LinkedIn is unique in that it is designed for professionals and companies rather than individuals. A lot of companies use LinkedIn to post jobs, connect with prospective employees and recruit new talent. Because of the job component, many hopeful candidates fill their profiles with personal and professional details and even upload their resumes. That is a lot of sensitive information that could lead to identity theft and fraud in the wrong hands.
Any time a cybercriminal can get their hands on names, email addresses, and phone numbers, it’s a win. Those items can be used for phone call scams, phishing emails, and other types of deceit. Sharing so much personal information online is proving to be the downfall of many.
How to Keep Your Social Media Accounts Safe
To keep your private information out of the hands of hackers, share as little as possible online on social media. You can always share a resume later with a company you want to connect with after getting their attention. Other tips to stay safe include:
- Secure your online accounts with the maximum privacy settings and only connect with known individuals.
- Use super strong and long passwords on all your social media accounts.
- Turn on two-factor authentication so only you can access and post to your account.
- Never share your logins with anyone.
- Do not click links in social media or on ads even if they look legitimate. Instead, visit the company website directly.
- Be careful; not everyone who connects with you on social media is who they say they are. A lot of scammers “catfish” and pretend to be someone else.
- Review your social media account rules and see who can post on your behalf.
- Review any apps that have access to your social media accounts. Third-party apps can be vulnerable to hacking.
- Create a single email address that you use only for social media accounts. That way, your professional email will stay out of the hands of cybercriminals.
If your information is found in a social media data breach, sign up for identity and credit monitoring to protect your assets and avoid identity theft.