The sale of the data was first reported on Tuesday by cybersecurity research and information site CyberNews, which said an archive including user IDs, names, email addresses, phone numbers, genders, professional titles and links to other social media profiles was up for auction. on the forum for a four-digit sum.
According to LinkedIn, the database for sale “is actually an aggregation of data from a number of websites and companies.” LinkedIn user data includes only information that people have publicly listed in their profiles, the professional social networking site, which is owned by Microsoft (MSFT), said in a statement Thursday.
“This is not a LinkedIn data breach, and no LinkedIn private member account data was included in what we were able to review,” the company said.
The news comes just days after a separate incident in which data recovered from more than 500 million Facebook users in 2019 – including phone numbers, birthdays, emails, and more. other information – was posted on a website used by hackers. While these types of data are less sensitive than, say, credit card details or social security numbers, information like phone numbers can still be exploited by bad actors, including for scams by automated call.
LinkedIn has more than 675 million members, according to its website, which means that about three-quarters of its users’ information can be included in the database.
Social media companies have tools in place to prevent scrapers – LinkedIn on its terms page details “technical measures and defenses” against such abuse – but they don’t always work.
The company has stated that “any misuse of our members’ data, such as scratching,” violates its terms of service, which prohibit third-party software, bots, browser extensions, or plug-ins that retrieve data from the site.
“When someone tries to take member data and use it for purposes that LinkedIn and our members have not agreed to, we work to stop them and hold them accountable,” LinkedIn said in its statement.
The company did not immediately respond to a request for comment on whether it will alert users whose data has been recovered and is included in the database for sale.