The sale of the data was first reported Tuesday by cybersecurity news and research site CyberNews, which said a file that includes user IDs, names, email addresses, phone numbers, genders, was being auctioned. professional titles and links to other social media profiles. in the forum for a sum of four figures.
According to LinkedIn, the database for sale “is actually an aggregation of data from various websites and companies.” LinkedIn user data includes only information that people publicly listed on their profiles, the professional social networking site, which is owned by Microsoft (MSFT)it said in a statement Thursday.
“This is not a LinkedIn data breach, and no private LinkedIn member account data was included in what we were able to review,” the company said.
The news comes just days after a separate incident in which data gleaned from more than 500 million Facebook users in 2019, including phone numbers, birthdays, emails, and other information, was posted on a website used by hackers. computer scientists. While this kind of data is less sensitive than, say, credit card details or social security numbers, bad actors can still exploit information like phone numbers, even for robocall scams.
LinkedIn has more than 675 million members, according to its website, which means that around three-quarters of its users’ information may be included in the database.
Social media companies have tools aimed at preventing scrapers (LinkedIn on its terms page details “technical measures and defenses” against such abuse), but they don’t always work.
The company said that “any misuse of our members’ data, such as scraping” violates its terms of service, which prohibit third-party software, bots, browser extensions or plug-ins that extract data from the site.
“When someone tries to take member data and use it for purposes that LinkedIn and our members have not agreed to, we work to stop them and hold them accountable,” LinkedIn said in its statement.
The company did not immediately respond to a request for comment on whether it will alert users whose data was mined and is included in the database for sale.