LinkedIn Has Problems

TechRadar is reporting that the personal data of about 500 million LinkedIn users is being sold on a popular hacking forum. Cyber security analysts discovered this evidence, which includes LinkedIn IDs, full names, email addresses, phone numbers, genders, links to LinkedIn profiles, links to other social media profiles, and professional titles, and other work-related data. On a good note, no associated passwords or payment data appear to have been affected.

LinkedIn boasts of nearly 740 million users; if the leaker selling this collection of stolen data is telling the truth, then it is safe to assume anyone with a LinkedIn account could be among the 500 million leaked records. TechRadar provides precautions to protect their accounts and their personal data by:

Changing LinkedIn account passwords and email account passwords associated with LinkedIn profiles.
Creating a strong, random, unique password, and storing it in a password manager that can auto-fill logins.
Enabling two-factor authentication (2FA) on LinkedIn accounts and any other account that offers 2FA.
Being wary of LinkedIn messages and connection requests from unknown people.
Learning to identify phishing emails and text messages.
Never opening links to websites from an email, and instead navigating to a site manually and logging in there.
Installing strong anti-phishing and anti-malware software.

As proof that the information is valid, the seller is offering two million entries for about $2 worth of forum credits. Researchers have analyzed the sample and confirmed that it is legitimate. It remains unsure if this is freshly stolen information, or if it is just aggregated data from previous breaches.[1]

“Particularly determined attackers can combine information found in the leaked files with other data breaches in order to create detailed profiles of their potential victims,” a report warns. “With such information in hand, they can stage much more convincing phishing and social engineering attacks or even commit identity theft against the people whose information has been exposed on the hacker forum."

The criminal seller is now asking for a four-figure payment. The news comes shortly after cyber security experts were warning of a new scam targeting job hunters on LinkedIn where fraudsters would send a .ZIP file to the victim, containing what they believe to be a potential application. Instead, the archive contained a fileless backdoor, allowing attackers to stealthily install other malware, ransomware, keyloggers, or any other malicious programs. The analysts described it as a “formidable threat to businesses and business professionals,” as it can avoid detection and exfiltrate data.

If you suspect you are being targeted by a phishing attack on LinkedIn, experts are suggesting you change your login data immediately, enable two-factor authentication, and make sure not to click any links, or download any attachments, unless positive they are from a legitimate source. LinkedIn is yet to comment on the alleged breach, but they will send you a message if they think you have invited too many people to connect with you.

Red Sky Alliance has been analyzing and documenting these type of cyber threats for 9 years and maintains a resource library of malware and cyber actor reports available at https://redskyalliance.org at no charge. Many past tactics are often dusted off and reused in current malicious campaigns. Red Sky Alliance can provide actionable cyber intelligence and weekly blacklists to help protect your network.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings: