LinkedIn users were allegedly hit by a massive data breach recently, in which the data of 700 million users was hacked. First spotted by Restore Privacy, the data of around 92 percent of LinkedIn users was reportedly put up for sale on the dark web. However, LinkedIn denies any such breach and has assured that “no private LinkedIn member data was exposed”.

As per an official statement, “Members trust LinkedIn with their data, and any misuse of our members’ data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable.”

[Image caption: In April, an individual selling the user data on a hacker forum claimed that it was scraped from 500 million LinkedIn profiles. Image: Reuters]

Reportedly, an unknown hacker got access to details like phone numbers, physical addresses, geolocation data, and inferred salaries of LinkedIn users. 9to5Mac reached out to the hacker who had posted the details on the dark web. The hacker reportedly revealed that the data “was obtained by exploiting the LinkedIn API to harvest information that people upload to the site”.

According to Oded Vanunu, Head of Products Vulnerability, Check Point Software Technologies, “This case is similar to what we previously reported about TikTok, where we were able to ‘query’ the TikTok API and build a user database. In the case of LinkedIn, it looks like the hackers obtained the data by hacking the LinkedIn API to gather the information that people uploaded to the site. These incidents show that API security is very important while you build your application logic and infrastructure. Cloud applications are mainly built with core application logic that is ‘connected’ to many APIs that deliver the data throughout the application. If the APIs are not secure, this exposes them to risks, especially with API code vulnerability or unlimited API calls. This can cause a big database leak like we saw in the cases we reported and in this LinkedIn case.”

Notably, this is not the first time that the personal details of LinkedIn users have been compromised. Back in April this year, an individual selling the data, including full names, email addresses, phone numbers, genders and more, on a hacker forum claimed that it was scraped from 500 million LinkedIn profiles. To this, LinkedIn said that the data included information from many places and wasn’t all scraped from its platform. It further confirmed that the compromised data was easily available on public LinkedIn profiles.

LinkedIn has clearly denied any such breach and assured that “no private LinkedIn member data was exposed”.