Hackers attack LinkedIn professionals with fake job offers and infect them with malware

1617897046 737664 1617898084 rrss normal.jpg
1617897046 737664 1617898084 rrss normal.jpg

Days after a massive Facebook data breach made the headlines, it looks like another one awaits us, this time one involving LinkedIn. A file containing data allegedly gleaned from 500 million LinkedIn profiles has been put up for sale on a popular hacker forum, with another 2 million records leaked. Hackers target LinkedIn professionals with fake job postings and infect them with malware The four leaked files contain information about LinkedIn users whose data was allegedly extracted by the threat actor, including their full names, email addresses, numbers phone numbers, workplace information and more. While users on the hacker forum can view the leaked samples for roughly $ 2 in forum credits, the hacker appears to be auctioning off the much larger database of 500 million users for at least a 4-digit sum, presumably in bitcoins. What data has been leaked? Based on samples of the leaked files, they appear to contain a variety of primarily professional information from LinkedIn profiles, including: LinkedIn IDs Full names Emails Phone numbers Genres Links to LinkedIn profiles Links to other social media profiles Career titles and other job-related data What is the impact of this leak? Hackers can use leaked file data in several ways: Carrying out targeted phishing attacks Sending spam to 500 million emails and phone numbers Forcing passwords for LinkedIn profiles and email addresses . The leaked files appear to contain only LinkedIn profile information; No deeply sensitive data such as credit card details or legal documents were found in the published sample. That said, even an email address can be enough for a competent cybercriminal to cause real damage. Particularly determined attackers can combine the information found in the leaked files with other data breaches to create detailed profiles of their potential victims. With such information in hand, they can stage much more convincing phishing and social engineering attacks or even commit identity theft against people whose information has been exposed on the hacker forum. What to do before this type of data breach? If you suspect that your LinkedIn profile data may have been extracted, we recommend that you: Use a personal data leak checker to find out if your LinkedIn data has been leaked Beware of suspicious LinkedIn messages and connection requests From strangers Change the password for LinkedIn and email accounts Consider using a password manager to create strong passwords and store them securely Enable two-factor authentication (2FA) on all your online accounts.