On June 22, 2021, a hacker reportedly exposed the data of 700 million LinkedIn accounts, representing 92% of users. Luckily, there is no immediate reason to panic: Only publicly available information was breached, meaning private information, like user passwords, remains safe.
Is this breach really a big deal?
Yes. The breach made data from LinkedIn – including full names, gender, physical addresses, inferred salaries, phone numbers, connections, personal and professional backgrounds, social media accounts, and geolocation data – more readily available.
This information is being sold in a database on a dark web forum. Attackers can purchase it to create robust profiles for sophisticated phishing or identity theft attempts. Phishing has become the delivery method of choice for ransomware and other malware. Users who publicly listed their phone numbers and email addresses might also be targeted with spam from direct marketers, recruiters, and others.
How did the breach occur?
According to RestorePrivacy, the hacker responsible for the breach exploited LinkedIn’s official API (Application Programming Interface) to harvest the data. A similar technique was used in another LinkedIn breach just over two months ago.
What action should you take?
While no immediate action is required, LinkedIn users should remain vigilant against advanced phishing attempts – not only via email but also by phone and text message. We continue to encourage your team to take security awareness training seriously, as this will help your employees identify and report suspicious communications. Be especially wary of anyone requesting sensitive credentials, money transfers, or voucher purchases.
If any of your social media or business-service accounts are secured with weak or reused passwords, we also advise that you update them now. To avoid the hassle of remembering complex passwords, try using a password manager like RoboForm. You should also turn on two-step verification wherever possible as an additional precaution if you have not done so already.
How Umbrella can help
Umbrella is constantly working to prevent cybercrime and educate our clients on what they need to do to avoid phishing and ransomware attacks. If you receive any suspicious communications, don’t hesitate to contact us. You can find other useful information on cybersecurity threats to watch out for on our blog.