Almost daily there is another data breach reported that exposes data for hundreds of thousands or millions of people. This is a troubling trend. One of the most troubling events happened recently as 700 million profiles from the social media network LinkedIn were found for sale on a popular hacker forum. What’s worse is that the company isn’t admitting that it had been breached recently. Let’s take a brief look at this situation and try to unpack what is going on with LinkedIn.
LinkedIn’s Sketchy Security History
Most people know all about LinkedIn. It is a social media site where professionals can network with other professionals. For all the good the social network tries to do, it has also been a major target for hackers. Back in 2012 it had 6.5 million accounts stolen by a Russian hacker and had nearly 100 million email addresses and passwords exposed. A year later there was more controversy as LinkedIn used man-in-the-middle attacks to intercept user emails and move them to LinkedIn servers. Finally, in 2018, after Microsoft’s acquisition of the company, LinkedIn users began getting extortion emails based on account information that had been for sale on the Dark Web.
On top of those big hacks, LinkedIn has been connected to several other security breaches and failures, including the repeated use of fake LinkedIn accounts to facilitate data theft and unauthorized access to third-party networks.
In April, 500 million LinkedIn user accounts were put up for sale on a popular hacker forum. This posting was not the result of a data breach. The information was scraped, but still included full names, email addresses, phone numbers, workplace information, and much more. With a user base of about 740 million users, this represented a large share of the people who use LinkedIn.
If this wasn’t troublesome enough, there have been reports that LinkedIn is removing access for scholars and other active individuals inside China without any explanation by the company. This has some intellectuals and other active users of the platform concerned over the way the company is censoring information to operate in the Chinese market, which is known to suppress the availability of information to their nearly two billion constituents.
Just recently, it was reported that a data breach occurred that allowed hackers to make information available from over 700 million records from LinkedIn, over 92 percent of the user base. LinkedIn, not addressing the fact that most of the personal information they have been tasked with keeping secure is now available for purchase, defiantly put out the following statement:
- Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach and no private LinkedIn member data was exposed. Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update.
- Members trust LinkedIn with their data, and any misuse of our members’ data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable.
- For additional information about our policies and how we protect member data from misuse:
What is Scraping?
Scraping, in this context, is short for a method of data harvesting called web scraping, or web harvesting. It is the act of using software to effectively copy material from websites using the website’s code. It is a method hackers use to gain invaluable information from websites without going through the original channels. In the case of many business websites that get scraped and have data stolen, the hackers actually don’t need to do as much as you’d think. Many utilize the relatively open nature of a business’s API (application programming interface), which gives them direct access to the data they are looking to take.
We all trust these major corporations to do what they can to keep our sensitive data safe, but as they generally use it to maximize their ability to create revenue, it becomes difficult to trust them to keep your best interest in mind.
Keeping your data safe has become more difficult, and more important, than ever. To learn how we can help your business secure your data, give us a call today at (616) 534-1500.