The information involving around 700 million users on Microsoft’s LinkedIn website is currently being sold online within the Dark Web. Information that contains a treasure trove of data surrounding each user that can be used for various levels of identity theft or other nefarious means.
The event was originally thought by some to be another breach of the company’s website. Just like some of the rumors going around in April when the data of around 500 million accounts were leaked online to be sold within the Dark Web. LinkedIn states that both occurrences are the result of someone scraping this data directly off public profiles within LinkedIn. Data that anyone would have access to normally, only in this situation, it is being mass-mined by bots that can scrape the data instantly from numerous accounts to form a massive database of information.
LinkedIn said that it could not find any proof of infiltration of its servers during either of the two occurrences and remains confident that it was a data scraping campaign. However, the scraping of data is against the company’s policies and it claims it is taking steps to try to prevent this from happening in the future.
Information being sold right now seems to be a combined collection of both events and includes things like user name, profile address, email address, full name, phone numbers, physical addresses, geolocation information, work history, work experience, connected accounts (usernames for other social media accounts), and other information that might have been publically available on any specific LinkedIn profile.
LinkedIn also states that no private information is included within this data being sold off and that all password data is safe. However, it doesn’t mean the information gained can’t still be used in ways that can cause damage.
Preventing such a thing can be quite difficult when the information is right there, observable by everyone. Likely, the best they could do is slow the bots down a little or beef up their ban-hammer techniques of blocking IPs and domains known to be used by bots.