Threat actors have once again managed to scrape data from over 600 million user profiles on LinkedIn, and have put it up for sale for an undisclosed sum, according to reports.
This incident, says CyberNews, is the third time in the past four months that data scraped from millions of its user’s public profiles has been posted for sale.
According to samples posted by the unscrupulous user, the latest round of data scraped from LinkedIn includes the member’s full name, email addresses, links to their social media accounts, and other details users have voluntarily shared on their public profiles.
As mentioned by the threat actor, the information in the scraped data is available for anyone to see in the user’s public profile. All they’ve done is used automated tools to crawl through LinkedIn and compile the data from millions of profiles in an easily readable format.
LinkedIn data scraping
CyberNews adds that while the data isn’t deeply sensitive, it could still put users at risk of spam and expose them to phishing attacks. It adds that the details can also be used by “malicious actors to quickly and easily find new targets based on the criminals’ preferred methods of social engineering.”
“Members trust LinkedIn with their data, and any misuse of our members’ data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable,” LinkedIN claimed reacting to last month’s data scraping incident.
Notably, LinkedIn is engaged in a legal battle with talent management company hiQ Labs, which scrapes public data from LinkedIN in order to analyze employee attrition.
While in the lawsuit, hiQ contends that a ruling against data scraping could “profoundly impact open access to the Internet,” the recent incidents of scraped data being made available on underground forums highlights how the technology can also be used by threat actors to identify new targets.
LinkedIn didn’t immediately respond to TechRadar Pro’s email asking for comments.