Around 60 million records of LinkedIn users have been found leaked through 8 unsecured database (DB), which consists of mainly public information such as email addresses.
A security researcher at GDI foundation said he has been analyzing data, which is switched to another IP every day after it gets deleted from the previous IP. After a while the database is either not accessible or IP is made unavailable, which made the researcher think that the DB might be secure.
The record in the eight databases seem to be 60 million LinkedIn users’ scraped public information. Each DB has data of around 25 GB to 30 GB, which in total is 229 GB in eight of the DBs.
The researcher carried out a test and fetched the record of one of the LinkedIn user from the database. This record contained information of LinkedIn profile, consisting of IDs, work History, Profile URLs, education background, location and skills mentioned, as well as the date when the information was last updated. Emails that were used for the account registration on LinkedIn, despite having privacy to be not available to the public was also included.
The data was then checked by the owner/user, who approved its accuracy. Other than the public information, internal values such as “isPersonal”, “isGmail”, “isHotmail”, telling about the types of subscription and email services users have on LinkedIn is also part of the DB.
According to Bleepingcomputer findings, the leaked databases were being hosted on Amazon servers and upon contact the security of the database and its unavailability on the internet was assured by the Amazon team.
LinkedIn was also approached to know whether data belonged to them since it contained email addresses of users and the inter values. Paul Rockwell, head of Trust and Safety at LinkedIn confirmed that it does not belong to them but they know third-party databases that have scraped LinkedIn data.
Rockwell said they have carried out an investigation which shows that a third-party was involved in leaking the data that was gathered from LinkedIn as well as other sources. He added further, "We have no indication that LinkedIn has been breached."
Related: The Ever-rising number of Fake Profiles on LinkedIn is Highly Concerning!
Read next: LinkedIn Makes it Easier to Stay in Touch With Teammates
A security researcher at GDI foundation said he has been analyzing data, which is switched to another IP every day after it gets deleted from the previous IP. After a while the database is either not accessible or IP is made unavailable, which made the researcher think that the DB might be secure.
The record in the eight databases seem to be 60 million LinkedIn users’ scraped public information. Each DB has data of around 25 GB to 30 GB, which in total is 229 GB in eight of the DBs.
The researcher carried out a test and fetched the record of one of the LinkedIn user from the database. This record contained information of LinkedIn profile, consisting of IDs, work History, Profile URLs, education background, location and skills mentioned, as well as the date when the information was last updated. Emails that were used for the account registration on LinkedIn, despite having privacy to be not available to the public was also included.
The data was then checked by the owner/user, who approved its accuracy. Other than the public information, internal values such as “isPersonal”, “isGmail”, “isHotmail”, telling about the types of subscription and email services users have on LinkedIn is also part of the DB.
According to Bleepingcomputer findings, the leaked databases were being hosted on Amazon servers and upon contact the security of the database and its unavailability on the internet was assured by the Amazon team.
LinkedIn was also approached to know whether data belonged to them since it contained email addresses of users and the inter values. Paul Rockwell, head of Trust and Safety at LinkedIn confirmed that it does not belong to them but they know third-party databases that have scraped LinkedIn data.
Rockwell said they have carried out an investigation which shows that a third-party was involved in leaking the data that was gathered from LinkedIn as well as other sources. He added further, "We have no indication that LinkedIn has been breached."
Related: The Ever-rising number of Fake Profiles on LinkedIn is Highly Concerning!
Read next: LinkedIn Makes it Easier to Stay in Touch With Teammates