A data breach into LinkedIn exposed data of more than 700M users making up almost 92% of LinkedIn’s total users. This means that if you have a LinkedIn account then your data has probably been exposed.
It is reportedly being sold on the dark web in an ‘online cybercrime marketplace.’ The person selling the data is reported to go by the name TomLiner who posted a sale notice on Raid Forums. This was open to the public on June 22.
This data includes the users’ full names, their workplace email addresses, mobile phone numbers, workplace addresses, date of birth, job title, Twitter and Facebook IDs, regional locations and in rare cases the specific GPS coordinates.
These however as many as you may have noticed are widely available on many people’s LinkedIn profile pages and so accessible to a wide audience anyway.
GPS coordinates are significant as stalkers and burglars use that to track you down.
In a report, tomsguide found that there were significant geographic coordinates entries, even more than the number of phone numbers and email addresses.
This can be attributed to the fact that most users do not know that their phones upload their GPS Data onto the LinkedIn servers when using the app.
These coordinates can be translated to map locations very easily and thus expose the user. If for instance, a burglar can piece a name, address and the user’s geographical co-ordinate then they are sure to find them.
The good news however is that most users provided nothing else besides their full names, LinkedIn IDs, usernames, URLs. It seems that most users are smart enough not to share important information about them on such a public platform. Only 7.5% of users were reported to have provided their workplace email address with a far fewer number sharing their phone numbers.
This however does not mean that these users are completely safe. Hackers usually sell this information to ‘shady’ organizations who may target you with spam email and all sorts of unnecessary marketing content.
This is the second breach in just a few months with the previous one posting data of more than 500 million user profiles.
It does not bode well for LinkedIn at a time where data privacy has been a key focus. LinkedIn was quick to absolve itself of any responsibility saying: “This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed.”
This however is surely not going to comfort most users who trust LinkedIn to protect their data.
How to Protect Yourself
If huge companies like LinkedIn can get hacked then this means that no company is really secure. It is thus important for any user to safeguard and even prepare themselves for such attacks. Currently the best way is to minimize the damage in the eventuality of a breach and this means sharing as little personal information on such public forums. This means no phone numbers, personal or work emails and most importantly GPS Data.
Note that this warning also applies to other widely accessible platforms such as Twitter and Facebook.