02 July 21, 18:01
Quote:Just days after a yet another data-scraping operation aimed at LinkedIn was discovered, evidence has popped up in a popular hacker forum that the vast amount of lifted data is being collated and refined to identify specific targets. This might signal the start of a series of LinkedIn-fueled attacks.
The latest data scrape was discovered this week when threat actors posted the personal data contained in 700 million LinkedIn user profiles in the RaidForums underground market. Later, the operators boosted the listing to a purported 1 billion records, according to researchers at Privacy Sharks who discovered it. And this latest data scrape follows an April operation which exposed 500 million LinkedIn users.
That’s a total of at least 1.2 billion records and maybe more — personal and professional — out there just waiting to be turned against users in future phishing, ransomware, display-name spoofing or other attacks (of course, some of the records are likely duplicates). But in any event, it’s already happening.
Yesterday, a database filled with the personal information of 88,000 U.S. business owners gleaned from the latest LinkedIn data scrape was shared in RaidForum, which the poster said specifically isolated U.S. business owners who have changed jobs over the past 90 days, CyberNews reported. The notably targeted database includes full names, email addresses, work details and any other information publicly listed on LinkedIn.
It’s not hard to see how this particular group of people, fresh on a new job, flooded with onboarding paperwork and dealing with new co-workers might be easily tricked into clicking on a malicious link.
Read more: LinkedIn’s 1.2B Data-Scrape Victims Targeted by Attackers | Threatpost