Update: LinkedIn has commented on the alleged scraping of content and concluded that is not what happened. The statement is reposted below.
Members trust LinkedIn with their data, and we take action to protect that trust. We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies. It does include publicly viewable member profile data that appears to have been scraped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.
Any misuse of our members’ data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable. – LinkedIn 4/9/2021
As reported by CyberNews (via OnMSFT), 500 million profiles on LinkedIn have had their profiles scraped for data. But that’s not the worst of it. The worst part is that the data scraper responsible (if it is, in fact, a single actor) is now selling that data, looking for a four-digit minimum price tag in exchange for the goods.
It’s reported that the scraper is selling the info on a forum and is accepting around two dollars’ worth of forum credit in exchange for a two-million-profile sized sampling of the data. Pay two bucks, get two million accounts’ info. It’s a heck of a bargain if you want the benefits of LinkedIn without having to actually set up an account and be a social human being.
This isn’t even the first time this week that so many individuals have been left exposed to the ne’er-do-wells of the internet. A few days ago, 533 million compromised Facebook accounts got their info blasted, though the data itself stemmed from a breach dating all the way back to 2019. Still, old data or otherwise, no one likes their personal details going public without their consent.
Whether it be Facebook or Microsoft-owned LinkedIn, let this be a reminder that no data is ever truly safe on the web. For layers of protection, you can try the best Windows 10 password managers or best Windows 10 password generators. But if you want true security, it’s best to keep all key data offline and written on physical sticky notes, locked in a safe, and then tossed to the bottom of the Scottish Sea.