2nd Colossal LinkedIn Breach in 3 Mths, All Users Affected - DreamTeamDownloads1, FTP Help, Movies, Bollywood, Applications, etc. & Mature Sex Forum, Rapidshare, Filefactory, Freakshare, Rapidgator, Turbobit, & More MULTI Filehosts

Ladybbird · 10-07-21, 19:40

Second Colossal LinkedIn Breach in 3 Months, Almost All Users Affected

10 July 2021 by Malwarebytes Labs

The underground seller known as TomLiner is in possession of the 700M LinkedIn records on sale. They’re also classed as a “GOD User”, which could suggest that their name has weigh in the underground market. (Source: Privacy Shark)

LinkedIn has reportedly been breached—again—following reports of a massive sale of information scraped from 500M LinkedIn user profiles in the underground in May. According to Privacy Shark, the VPN company who first reported on this incident, a seller called TomLiner showed them he was in possession of 700 million Linkedin user records. That means almost all (92 percent) of LinkedIn’s users are affected by this.

RestorePrivacy, an information site about privacy, examined the proof the seller put out and found the following information, scraped from LinkedIn user profiles:

Email addresses
Full names
Phone numbers
Physical addresses
Geolocation records
LinkedIn username and profile URL
Personal and professional experience/background
Genders
Other social media account usernames

Note that account credentials and banking details don’t appear to be part of the proof. This suggests that the data was scraped rather than breached. Scraping happens when somebody uses a computer program to pull public data from a website, using the website in a way it wasn’t intended to be used. Each individual request or visit is similar to a real user visiting a web page, but the sum total of all the visits leaves the scraper with an enormous database of information.

How was the seller able to scrape hundreds of millions of records? According to RestorePrivacy, the seller abused LinkedIn’s API, a similar tactic to the one used in the almost-as-enormous April LinkedIn “breach”, and the huge Facebook “breach” in the same month.

The seller confirmed that they abused LinkedIn’s API to scrape data. And sells them for $5,000 USD. (Source: RestorePrivacy)

In a statement, Privacy Shark garnered from Leonna Spilman, who spoke on behalf of LinkedIn, the company claims there is really no breach: “While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.”

Spilman’s statement echoes the one LinkedIn released after the April “leak” blow out: “We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies. It does include publicly viewable member profile data that appears to have been scraped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.”

A redacted shot from a small bit of the “proof-of-breach” sample given by the underground seller. (Source: RestorePrivacy)

10-07-21, 19:40	#1
Ladybbird Join Date: Feb 2011 Posts: 47,626 Thanks: 27,642 Thanked 14,458 Times in 10,262 Posts Awards Showcase Total Awards: 8	2nd Colossal LinkedIn Breach in 3 Mths, All Users Affected Second Colossal LinkedIn Breach in 3 Months, Almost All Users Affected 10 July 2021 by Malwarebytes Labs The underground seller known as TomLiner is in possession of the 700M LinkedIn records on sale. They’re also classed as a “GOD User”, which could suggest that their name has weigh in the underground market. (Source: Privacy Shark) LinkedIn has reportedly been breached—again—following reports of a massive sale of information scraped from 500M LinkedIn user profiles in the underground in May. According to Privacy Shark, the VPN company who first reported on this incident, a seller called TomLiner showed them he was in possession of 700 million Linkedin user records. That means almost all (92 percent) of LinkedIn’s users are affected by this. RestorePrivacy, an information site about privacy, examined the proof the seller put out and found the following information, scraped from LinkedIn user profiles: Email addresses Full names Phone numbers Physical addresses Geolocation records LinkedIn username and profile URL Personal and professional experience/background Genders Other social media account usernames Note that account credentials and banking details don’t appear to be part of the proof. This suggests that the data was scraped rather than breached. Scraping happens when somebody uses a computer program to pull public data from a website, using the website in a way it wasn’t intended to be used. Each individual request or visit is similar to a real user visiting a web page, but the sum total of all the visits leaves the scraper with an enormous database of information. How was the seller able to scrape hundreds of millions of records? According to RestorePrivacy, the seller abused LinkedIn’s API, a similar tactic to the one used in the almost-as-enormous April LinkedIn “breach”, and the huge Facebook “breach” in the same month. The seller confirmed that they abused LinkedIn’s API to scrape data. And sells them for $5,000 USD. (Source: RestorePrivacy) In a statement, Privacy Shark garnered from Leonna Spilman, who spoke on behalf of LinkedIn, the company claims there is really no breach: “While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.” Spilman’s statement echoes the one LinkedIn released after the April “leak” blow out: “We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies. It does include publicly viewable member profile data that appears to have been scraped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.” A redacted shot from a small bit of the “proof-of-breach” sample given by the underground seller. (Source: RestorePrivacy) __________________ PUTIN TRUMP & Netanyahu Will Meet in HELL ..................*SHARKS are Closing in on TRUMP*.......................... *TRUMP WARNS; 'There'll Be a Bloodbath* If I Don't Get Elected'..MAGA - MyAssGotArrested...IT's COMING** PLEASE HELP THIS SITE..Click DONATE & Thanks to ALL Members of ... 1.. THIS SITE IS MORE THAN JUST WAREZ...& TO STOP SPAM-IF YOU WANT TO POST, YOUR FIRST POST MUST BE IN WELCOMES

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)