Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward

Data from half a billion LinkedIn users has been scraped and put online

April 8, 2021, 8:48 PM UTC

Our mission to make business better is fueled by readers like you. To enjoy unlimited access to our journalism, subscribe today.

Data from over 500 million LinkedIn users is being sold online to hackers, marking the second major cybersecurity incident to be revealed in the past week, following news of a similar occurrence involving Facebook.

The trove of scraped LinkedIn data includes user IDs, full names, email addresses, phone numbers, professional titles, and other work-related data, according to security news and research group CyberNews

CyberNews analysts discovered the scraped data set on an online forum for hackers and were able to verify that the data was associated with LinkedIn user accounts. It’s unclear how old the data is, however, and how the bad actors obtained it.

LinkedIn said in a statement that while the scraped data set contains some “publicly viewable member profile data,” it is “actually an aggregation of data from a number of websites and companies,” meaning that bad actors created the data set with information from multiple services.

The service, owned by Microsoft, said that it did not suffer a data breach involving hackers penetrating the company’s internal databases to siphon information. Instead, the bad actors scraped the data from LinkedIn’s public-facing service, similar to a recent cybersecurity incident at Facebook.

“Any misuse of our members’ data, such as scraping, violates LinkedIn terms of service,” LinkedIn said in a statement. “When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable.”

Although the scraped LinkedIn data set doesn’t include sensitive information like credit card information or Social Security numbers, it does include data that could help bad actors perform other sophisticated hacking attempts. For instance, hackers could use data like email addresses and phone numbers to conduct more convincing phishing attacks, in which they send people bogus emails that look real but contain links to malicious websites. 

People can see if they have been impacted by the data incident by visiting websites like Have I Been Pwned (HIBP), which list major data breaches.   

Earlier this week, a security researcher revealed that data from over half a billion Facebook users was scraped and put online. That data included full names, email addresses, phone numbers, and location information. 

More must-read tech coverage from Fortune: