60 Million Records Of LinkedIn Users Exposed Online - TECH FOE

60 Million Records Of LinkedIn Users Exposed Online



Eight unsecured online databases containing roughly 60 million data of  LinkedIn users have been found to be leaking those information.

According to BleepingComputer, the discovery was made by security researcher Sanyam Jain of GDI foundation. The data in question mostly, were publicly available. However, they were some internal data that suggested that it might have been a breach.

To check how accurate those information were, Lawrence Abrams of BleepingComputer asked to pull out some of his information which Jain did. The data were the regular public information available on every profile on LinkedIn, information such as "IDs, profile URLs, work history, education history, location, listed skills, other social profiles, ans the last the last time the profile was updated."


However, Lawrence notes that even the information he made private were available on in the trove.

"Included in the profile was also my email address that I used when registering my LinkedIn account," Lawrence said. "It is not known how they gained access to this information as I have always had the LinkedIn privacy setting configured to not publicly display my email address."

"After reviewing the data that was sent to me, I found all of the information to be accurate."


The data also contained internal data that shows the type of LikedIn subscription the user is on to, which suggests that it might have been a data breach.

"Each profile also contains what appears to be appears to be internal values that describe the type of LinkedIn subscription the user has and whether they utilize a particular email provider," Lawrence said. "These values are labeled 'isProfessional", 'isPersonal', 'isGmail', 'isHotmail', 'and 'isOutlook'"


The archives contained 229GB of data, each one containing between 25GB and 32GB of information.

BleepingComputer reached out to LinkedIn's head of Trust & Safety, Paul Rockwell, with a sample of the archives. After a review of it, they said the database doesn't belong to them, though they were aware of third-party databases that contained Linked data.

A statement from LinkedIn read:

"We are aware of the claims of a scraped LinkedIn database. Our investigation indicates that a third-party company exposed a set of data  aggregated from LinkedIn public profiles as well as other, non-LinkedIn sources. We have no indication that LinkedIn has been breached."

Though, it is unclear who owns the database, the access to the database has been shutoff and isn't accessible online.

No comments

Powered by Blogger.