LinkedIn users’ data for sale on hacking forum – 700 million affected
The details of 700 million LinkedIn users were recently posted for sale on a notorious hacking forum.
The details of 700 million LinkedIn users were recently posted for sale on a popular hacking forum. Last month, a user put information for sale on RaidForums, where it was spotted by Privacy Sharks, a news site. The seller provided a sample of 1 million records, which Privacy Sharks viewed and investigated, confirming the validity of the records which included names, gender, phone numbers, email addresses and work information. This is the second instance this year of LinkedIn user information being scraped and posted for sale online. In April, a total of 500 million LinkedIn users were affected in a similar event.
LinkedIn’s investigation revealed that the data was scraped from LinkedIn as well as other other sources.
LinkedIn maintains that this compilation of information of 700 million users was not the result of a data breach, and that the information is all publicly available. The company reported that no private LinkedIn member data was exposed. The ongoing investigation has so far uncovered in an initial analysis, that the data includes information scraped from LinkedIn as well as other sources. LinkedIn has released a statement, stating that they determined that the information which was posted for sale was “an aggregation of data from a number of websites and companies.” The company also states that scraping, and other misuse of members’ data violates its terms of service, and that it will work to stop any entities misusing LinkedIn members’ data, and hold them accountable.
LinkedIn has sought legal action in the past for violation of its terms of service, by data scraping.
While no one has been named as being responsible in this case, LinkedIn is currently in an almost 2-year legal battle to protect its user data and terms of service by seeking litigation over data scraping. In September of 2019, LinkedIn sought legal action against data analytics organization hiQ Labs in the United States Court of Appeals for the Ninth Circuit. At the time, hiQ Labs was found to have been using automated bots to scrape information from public LinkedIn profiles, at which time LinkedIn served them with a cease and desist, claiming that this violated their terms of service. In this case the court ruled that data scraping was legal. The information was all publicly available and was being collected by this data analytics organization. However, LinkedIn once again brought this case before the courts last month, in this instance, going to The Supreme Court. The Supreme Court threw out the lower court’s original ruling, giving LinkedIn another opportunity to plead its case in the 9th circuit. No statement has been made as to whether legal action will also be taken in this instance.
Does your company have all of the mandated safeguards in place to ensure compliance with the GDPR, Law Enforcement Directive and Data Protection Act 2018? Aphaia provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.
- Facial recognition technology use by US federal agencies - September 21, 2021
- Proposal for an EU AI Regulation - September 16, 2021
- Cookie consent pop-ups among the ICO’s intended topics of discussion at the recent G7 meeting - September 14, 2021