700m LinkedIn records up for sale on underground hacking forum

Data leak
(Image credit: Shutterstock/dalebor)

The records of 700m LinkedIn (opens in new tab) users are being sold online on a popular hacking forum just two months after the data of 500m users of the business-focused social network was sold off in a similar way.

According to a new report (opens in new tab) from the VPN (opens in new tab) review site PrivacySharks, a cybercriminal going by the handle “GOD User Tom Liner” recently posted on the hacking forum RaidForums (opens in new tab) to announce that they were in possession of 700m records. 

In order to prove these claims, they provided a sample of 1m records which PrivacySharks' researchers analyzed for authenticity to discover that they contained a wealth of personal information including full names, gender, email addresses, phone numbers and industry information.

During the data leak that occurred back in April of this year, LinkedIn confirmed in a statement (opens in new tab) that the user records for sale online were collected from a number of websites and companies as well as from publicly viewable member profile data. As a result, it wasn't actually a data breach as no data had been stolen from the company but instead was scraped from other sources.

Scraped data

Just like with the previous data leak (opens in new tab), it turns out that the 700m LinkedIn records being sold online were collected from previous leaks. However, as PrivacySharks does not support sellers of stolen data, its researchers were unable to verify all of the records.

In a statement to PrivacySharks, corporate communications manager at LinkedIn, Leona Spilman provided further insight on the origins of this latest collection of stolen user records, saying:

“While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.”

LinkedIn users whose personal information is included in this latest data leak could become the target of spam campaigns or possibly even victims of identity theft (opens in new tab). For this reason, it is recommended that affected users change their passwords immediately and use a password manager (opens in new tab) to generate new passwords that are strong, complex and unique.

Via PrivacySharks (opens in new tab)

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.