In a recent cyber incident, a hacker going by the pseudonym USDoD has revealed a shocking breach of a LinkedIn database, laying bare the personal information of more than 35 million users.
The data leak took place on the well-known hacking platform, Breach Forums.
Hacker's Dark History
This isn't the first time USDoD has made headlines for malicious activities. Last year, this same hacker infiltrated the FBI's security platform InfraGard, divulging the personal details of over 87,000 of its members.
USDoD confirmed in a post on Breach Forums that the most recent LinkedIn database breach was executed through a process known as web scraping. Web scraping involves the use of automated software to extract data from websites, with a primary focus on gathering specific information from web pages.
Read also: LinkedIn Unveils AI Features for Premium Users: Enhancing Content Creation and Engagement
What's Inside the LinkedIn Database
According to Hackread.com, the breached LinkedIn database predominantly contains publicly available information from users' profiles, including full names and profile bios. While the database includes millions of email addresses, it's reassuring to note that no passwords are part of the leaked data.
A screenshot of the breached data reveals that the compromised email addresses belong to high-ranking U.S. government officials and institutions. Additionally, email addresses from various government agencies worldwide have been identified.
Troy Hunt, the expert behind HaveIBeenPwned, scrutinized over 5 million accounts from the database. His analysis revealed a blend of data from multiple sources, including public LinkedIn profiles, fabricated email addresses, and other origins.
While some data may be anecdotal or partially fabricated, many individuals, companies, domains, and email addresses within the database are undeniably real.
"Because the conclusion is that there's a significant component of legitimate data in this corpus, I've loaded it into HIBP," Hunt explained. "But because there are also a significant number of fabricated email addresses in there, I've flagged it as a spam list which means the addresses won't impact the scale of anyone's paid subscription if they're monitoring domains," Hunt said.
Leaked Database Not the First Time For LinkedIn
Interestingly, this isn't LinkedIn's first encounter with a leaked database. In April 2021, a threat actor attempted to sell two scraped LinkedIn databases with 500 million and 827 million records.
Subsequently, in the next two months after the incident, a hacker sold another scrapped LinkedIn database, this time containing data from a staggering 700 million users.
The breach raises serious concerns about online data security and the need for stricter measures to protect user information.
If the hackers continue to infiltrate LinkedIn, maybe it's about time to implement the passwordless future in the form of passkeys.