On 30 June 2021 newsfeeds were awash with reports that the personal information of over 700m LinkedIn users had been put up for sale on RaidForums a week earlier. This was discovered by the website Privacy Sharks, which was able to identify from a sample that the data on sale on the dark web included information such as full names, gender, email addresses, phone numbers, and industry information. As this is the second such sale of LinkedIn data in two months (in April 500m LinkedIn users’ information was offered for sale), what is going on?
On both occasions LinkedIn was quick to release a statement to reassure users that neither the most recent nor the April incident was the result of a data breach:
“While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.”
So, as a LinkedIn user, can you relax?
The information allegedly “scraped” – a technique where a computer program extracts data from websites – will mean that your publicly accessible data (email address and phone numbers) can be used in spam campaigns and unsolicited calls. But, as LinkedIn stresses, the data which has been captured was already publicly accessible, so you are in no greater danger of spam emails or cold calls than you have been since you posted your profile.
If you are concerned about what information is out there about you, we recommend that you occasionally undertake searches on your name. It is also possible to set up alerts in the search engines to let you know if you or your company name appears online. You can then check it’s a legitimate mention.
It is also possible to check whether your online profile might have been subject to a hack by putting your email details into https://haveibeenpwned.com/. This details whether your email or phone information has been caught in a data breach. Modern life is online, so understanding the dangers and pitfalls, but also the advantages, is key. If you remain concerned about how cyber impacts you or your business, we can help you; our experts will be discussing all things ‘cyber’ in a conference we are hosting in September 2021 – do join us.
How can I keep my cyber identity safe?
LinkedIn is a powerful platform, great for lead generation and finding out more about the people you do business with, so you don’t have to remove yourself from it. However, you can limit the amount of information which is accessible to an unknown browser until they “link in” with you, and, of course, change your passwords regularly.
What everyone needs to appreciate is that it is not a question of ‘if’, but ‘when’ their data will be the subject of a data breach. So, mitigating the impact of the breach is something you can focus on now.
For individuals, avoid using the same password for multiple sites. That way, if one site you use suffers a data breach, the same login details can’t be used for the other sites you use. It can be a pain to remember a lot of different passwords, so consider using a familiar phrase but for each site swap letters for symbols, e.g. replace ‘a’ with ‘@’ or ‘s’ with ‘5’. For really sensitive websites, such as online banking, use multi-factor authentication or biometric security (fingerprints or voice identification).
Businesses need to ensure their staff and customer data is secure by investing in secure IT structures and having cyber insurance policies. If LinkedIn had sustained a data breach and 700m users’ data was lost or held to ransom, the business would struggle to survive. Could your business? That is where insurance policies can assist, but you need one that is fit for purpose. There will be a panel discussion on this very issue during our three-day Cyber Conference, so don’t miss out.