The individual thought to be behind last month’s LinkedIn data scraping incident claims he created the 700 million LinkedIn-user database after hacking the social networking platform’s API.
BBC News says it identified and spoke with the person, who calls himself ‘Tom Liner’.
Liner told the publication that he scraped the LinkedIn data “for fun,” and that it took him several months to create the massive database.
Last month, many media outlets reported on a LinkedIn data breach that exposed the personal details of more than 700 million users – nearly 92 per cent of everyone on the service.
News site Privacy Sharks said it saw a posting about the sale of a LinkedIn database on RaidForums, a hacker site. To prove the claims, the post also included a sample of 1 million records.
Privacy Sharks stated that its researchers examined the sample and found that it contained many personal details, including full names, gender, phone numbers, email addresses and industry information.
LinkedIn rejected the claims of a data breach, saying that all the data was already publicly available. Instead, it insisted the information was aggregated from a variety of sources.
Liner told the BBC that he had already sold the database to several customers for around $5,000, and all of them are satisfied with it.
He did not reveal who the customers are or what they intend to do with the information, but he speculated that the data will likely be used to conduct other “hacking ventures.”
Apart from last month’s LinkedIn incident, at least three other major data-scraping incidents have been reported in the past six months.
In April, a hacker offered a database of nearly 500 million records scraped from LinkedIn for sale. The individual asked for a minimum “four-digit” sum for access to the full records.
In the same week, a database of scraped information from 1.3 million Clubhouse profiles was posted on a hacking forum.
And finally, also in April, data on 533 million Facebook users was dumped on a hacking forum.
These incidents have sparked concerns among security experts about the growing trend of mega scrapes.
Amir Hadžipašić, the founder of SOS Intelligence, told BBC News that API programmes need to be more tightly controlled.
“Large-scale leaks like this are concerning, given the intricate detail, in some cases, of this information – such as geographic locations or private mobile and email addresses,” Amir said.
“To most people it will come as a surprise that there’s so much information held by these API enrichment services.”
“This information in the wrong hands could be significantly impacting for some,” he added.
Experts say criminals could use the data from scraping incidents to create detailed profiles of potential victims, then conduct targeted phishing or social engineering attacks.
The information could also be used to send spam emails, or brute-force profiles’ passwords and associated email addresses.