Earlier this year, LinkedIn suffered a massive data leak that claimed the personal information of five hundred million users, last week another data set showed up on the dark web for over seven hundred million or 92 percent of platform.
According to an exclusive story from PrivacySharks a total of 756 million users of LinkedIn have had their data compromised and similar to the April headlines, a hacker was able to grab user details such as email address, phone numbers, company information, full names, LinkedIn IDs, genders and links to 3rd party social media accounts.
Again, similar to the earlier LinkedIn breach, the hacker/seller "GOD User" aka, TomLiner is putting the leaked data up for sale on the dark web and showing proof a legitimacy by releasing the sample set of data of one million of the users from the breach.
LinkedIn responded to questions from Privacy Sharks with the following,
“While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.”
Based on the LinkedIn response, it seems that the leaked info has come via a data "scrape" of the platform made possible by exploiting a "LinkedIn API to harvest information that people upload to the site."
The most recent breach is the second in most notable data leak for the company in less than six months and begs the question, what is LinkedIn doing to prevent future "scrapping" incidents?