LinkedIn is a critical tool for businesses and business professionals to interact with each other, share ideas and progress their careers. It is also a useful tool for criminals and state actors seeking to infiltrate organisations and governments. A recent breach in 2021 reportedly exposed the data of 700M users, which is more than 92% of the total 756M users. The database is for sale on the dark web, with records including phone numbers, physical addresses, geolocation data, and inferred salaries.
The hacker who obtained the data has posted a sample of 1M records, and checks confirm that the data is both genuine and up to date.
The information the hacker obtained was:
- Email addresses
- Full names
- Phone numbers
- Physical addresses
- Geolocation records
- LinkedIn username and profile URL
- Personal and professional experience/background
- Other social media accounts and usernames
Here are some tips to consider to operate safely online and mitigate risk:
1. Use a standalone email address. Nefarious actors can access your email address through LinkedIn and, by cross-referencing it with past hacks, may be able to associate other breached accounts with you.
2. Use two-factor authentication (2FA). This goes for all online accounts. It is a crucial measure in practising good cyber hygiene.
3. Know how to recognise phishing emails. As mentioned, LinkedIn is associated with an email address, and your page often gives away significant information, allowing criminals to send targeted and relevant emails to you.
4. Avoid accepting strangers’ connection requests. While it may be tempting to accept a recruiter’s invitation out of curiosity, it is important to do sufficient due diligence to avoid opening up your profile and its contents to an unknown individual.
5. Avoid divulging unnecessary personal information.