The LinkedIn database leak consisted of two parts: one containing 5 million user records and the other containing 35 million records.
LinkedIn’s database containing the personal information of more than 35 million users was leaked by a hacker using the pseudonym USDoD. The database leak happened on the infamous cybercriminal and hacker platform Breach Forums.
It’s important to note that the USDoD is the same hacker responsible for breaching the FBI’s InfraGard security platform last year and exposing the personal data of 87,000 of its members.
The hacker confirmed in a post on Breach Forums that the latest LinkedIn database was obtained through web harvesting. Web scraping is an automated process used by software to retrieve data from websites, primarily to gather specific information from web pages.
Regarding the content of the data, as noted by Hackread.com, the database mostly contains publicly available information from LinkedIn profiles, including full names and profile bios. Despite the fact that the database contains millions of email addresses, it can be noted that there are no passwords in the leaked data.
The screenshot below shows that the email addresses listed in the hack belong to high-ranking US government officials and agencies. In addition, e-mail addresses of various government agencies around the world were discovered.
Troy Hunt of HaveIBeenPwned analyzed over 5 million accounts from the database and concluded that it contains a mixture of information from various sources, such as public LinkedIn profiles, fake email addresses and other sources. Troy emphasizes that while some of the data may be anecdotal or partially fabricated, the people, companies, domains, and many email addresses are real.
“Since the conclusion is that there is a significant component of legitimate data in this corpus, I uploaded it to HIBP,” Hunt explained. But since there are also a significant number of bogus email addresses out there, I’ve flagged it as a spam list, which means the addresses won’t affect anyone’s paid subscription scale as long as they control the domains. “
However, this is not the first time that LinkedIn’s defunct database has been leaked online. In April 2021, attackers sold two cloned LinkedIn databases containing 500 million and 827 million records. In June 2021, a hacker sold a defunct LinkedIn database containing the data of 700 million users.
Conclusion: Linkedin can’t be trusted, they don’t draw conclusions and they always have one opinion. Sooner or later, this is not going to end well (unless they get their act together and get serious about security!).