About a week after scraped data from more than 700 million LinkedIn profiles were put for sale online, it seems that threat actors have no intention of stopping their abuse of the social media platform’s scrape-friendly systems.
Hours ago, a 68MB JSON database containing LinkedIn data recently collected from 88,000 US business owners was shared on a popular hacker forum.
According to the poster, the scrape targeted US business owners who have “changed job positions in [the] past 90 days.” The database includes full names, email addresses, workplace information, and other data points the owners publicly listed on their LinkedIn profiles. The archive was posted on the hacker forum for anyone to access.
While not highly sensitive, the data could still be used by threat actors to stage attacks against US business owners who the threat actors might see as being more affluent and potentially vulnerable to phishing and ransomware attacks.
Oddly enough, LinkedIn does not see scraping incidents as data breaches that could put the users of the platform in danger. “Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach and no private LinkedIn member data was exposed,” the company said in its June 29 update about the recent 700 million profile scrape.
“Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update,” reads the LinkedIn statement.
Read more about the April 2021 LinkedIn scrape: Scraped data of 500 million LinkedIn users being sold online
To see if any of your online accounts were exposed in previous security breaches, use our personal data leak checker with a library of 15+ billion breached records.
What was shared by the threat actor?
Based on the samples we saw from the shared files, they appear to contain a variety of mostly professional information from LinkedIn profiles of 88,000 US business owners, such as:
- LinkedIn summaries, some of which include other contact information
- Full names
- Email addresses
- Professional titles and other work-related data
An example of scraped data:
It appears that only 6,520 out of 88,000 business owners listed their email addresses on their LinkedIn profiles, which were subsequently scraped by the poster.
As such, we did not find any highly sensitive information such as credit card details or legal documents in the sample posted by the author. With that said, even an email address can be enough for a competent cybercriminal to cause real damage.
Why scraping is dangerous: this is how criminals find new victims
Even though the data associated with US business owners on LinkedIn was not acquired as a result of a breach, allowing third parties to aggregate and download public LinkedIn profile information on a mass scale can backfire (and did, at least twice).
For example, data scraping is often used by spammers and phishers to find new targets: they aggregate public contact details and use them for robocalls, spam lists, and social engineering attacks. This is why many web applications use scraping mitigation tools in order to protect against hostile data collection by threat actors and bots.
Having suffered two massive scraping incidents in three months, LinkedIn still does not seem to implement effective anti-scraping measures. This could mean that it was not an oversight but rather a deliberate decision on the part of the company. Such a permissive attitude towards user data potentially made it much easier for criminals to get their hands on user-related information, as demonstrated by the posting on the hacker forum.
About the author CyberNews Team
(SecurityAffairs – hacking, LinkedIn)