Italian Watchdog to Investigate LinkedIn
- 18th May 2021
- Michelle Pace
- Cyber Crime
Italian Watchdog to Investigate LinkedIn
LinkedIn has become the subject of a probe by an Italian authority after it has been alleged that 500 million users’ data, including IDs, has been found for sale online.
The Italian privacy watchdog GPDP (Garante Per La Protezione Dei Dati Personali) has started an investigation into how this information came to be posted on the dark web. Italy has one of the highest numbers of subscribers to the online platform in Europe with over 7.7 million users.
A spokesperson from LinkedIn confirmed that the data has likely been scraped from what is already publicly available to see on the platform rather than a data breach within the company.
A LinkedIn spokesperson told Insider:
"We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies. It does include publicly viewable member profile data that appears to have been scraped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we've been able to review."
LinkedIn has confirmed that the ‘scraping’ of data from their database does violate their terms and conditions. With a database of over 740 million users, the personal information found online equates to over two-thirds of the platform’s members.
The information posted online contained details such as -
- Data including LinkedIn IDs
- Full names
- Email addresses
- Phone numbers
- Workplace information
- Links to other social media platforms
Two million of the 500 million records have appeared on a hacker forum as proof of the data theft, with the cybercriminal(s) suggesting the data could be purchased for a 4 figure sum, using Bitcoin. A further batch of records was uploaded days later by another hacker, asking for $7,000 of Bitcoin in order to purchase them.
Once data such as this is exposed by hackers, it can provide them with a pathway to attack businesses even further, by spear-phishing employees. The hackers can work around network security systems by approaching the employee’s via their personal accounts.
With such a wealth of information about individuals, it wouldn’t be difficult to con an unsuspecting employee into thinking the hacker is part of the wider organisation and then asking them to release further sensitive information unwittingly. It’s also no stretch of the imagination to see how easy it would be for cybercriminals to set up false profiles and impersonate a fellow colleague or contact for them to perform identity theft.
This type of practice has been fairly prevalent while many of us have been working remotely or using personal devices for work and not utilising the heightened cybersecurity that the workplace may provide.
In spite of this, it has also not yet been confirmed when the data was taken, nor whether at all recently.
If you are concerned whether your data was part of the LinkedIn scraping, there are measures you can take.
- Use Notty’s FraudWeb search to see if your details are on the dark web.
- Ensure you have the latest security software on your devices, such as McAfee Total Protection.
- Change passwords linked to your account and email accounts.
- Pay particular attention to your LinkedIn account for any anomalies such as suspicious activity and requests.
- Be aware of suspicious emails and don’t click on any links contained in them.