A second massive LinkedIn breach reportedly exposes the data of 700M users, which is more than 92% of the total 756M users. The database is for sale on the dark web, with records including phone numbers, physical addresses, geolocation data, and inferred salaries.

The hacker who obtained the data has posted a sample of 1M records, and checks confirm that the data is both genuine and up-to-date.

Reports indicate that the hacker appears to have misused the official LinkedIn API to download the data, the same method used in a similar breach back in April.

On June 22nd, a user of a popular hacker advertised data from 700 Million LinkedIn users for sale. The user of the forum posted up a sample of the data that includes 1 million LinkedIn users. The sample was examined and found to contain the following information:

·      Email Addresses

·      Full names

·      Phone numbers

·      Physical addresses

·      Geolocation records

·      LinkedIn username and profile URL

·      Personal and professional experience/background

·      Genders

·      Other social media accounts and usernames

Based on analysis by researchers and cross-checking data from the sample with other publicly available information, it appears all data is authentic and tied to real users. Additionally, the data does appear to be up to date, with samples from 2020 to 2021.

No passwords are included, but as the site notes, this is still valuable data that can be used for identity theft and convincing-looking phishing attempts that can themselves be used to obtain login credentials for LinkedIn and other sites.

Although passwords were not included we still recommend you change your LinkedIn password and enable MFA (we strongly recommend MFA on any and all accounts you access online). We also recommend vigilance against social engineering attempts using information gleaned from this breach.

Original post: LinkedIn breach reportedly exposes data of 92% of users