If you are among the 500 million users of the employment-oriented social network, LinkedIn, then your data might have leaked out as well.
A leak of approximately 60 million records was reported a couple of weeks ago by GDI’s researcher Sanyam Jain to Lawrence Abrams, founder of the specialized website Bleeping Computer. Jain had stumbled multiple times on unsecured databases, where LinkedIn data seemed to be disappearing and appearing under different IP addresses. Although LinkedIn profile information is mostly public, the databases were also containing the email addresses of the users.
“According to my analysis the data has been removed every day and loaded on another IP. After some time the database becomes either inaccessible or I can no longer connect to the particular IP, which makes me think it was secured. It is very strange.” noted the researcher.
Eight databases were found, with an average size of approximately 30 GB each, for a total of 239 GB and 60 million records, which appeared to contain information scraped from LinkedIn profiles.
The GDI researcher was able to extract data relevant to Lawrence Abrams and sent it to Bleeping Computer to be reviewed. The data sent included Adam’s profile information including ID, URLs, work history, education and location among others. Even the email address used to sign up in LinkedIn was found. Adam is sure to have had the privacy setting configured to NOT publicly show his address. All the information submitted proved to be accurate.
All of the profiles examined contained strings of code that normally identify the type of LinkedIn account the client has, as well as labels that identify the email service provider, and whether it is a professional or personal address.
LinkedIn was contacted and informed of the leak. The reply came from the head of Trust and Safety Paul Rockwell, who, declining responsibilities, stated that the database does not belong to them although they are aware of scraped data circulating on the net:
“Our investigation indicates that a third-party company exposed a set of data aggregated from LinkedIn public profiles as well as other, non-LinkedIn sources. We have no indication that LinkedIn has been breached,” he stated.
It is still unknown who these databases belong to. What’s known is that they are hosted by Amazon who, after being contacted by Bleeping Computer, was able to secure them and to block access via the web.
Data is a big business nowadays.