data leak
LinkedIn is a professional networking platform owned by Microsoft, widely used by professionals to connect, share content, and advance their careers. As of 2023, LinkedIn boasts over 900 million members worldwide, making it one of the largest social networks focused on professional development and employment.
Breach Details
- Date of Breach Announcement: November 7, 2023
- Threat Actor: "USDoD," a known user on the dark web forum BreachForums
- Data Compromised: 35 million LinkedIn profiles
- Data Format:
- Size: 12 GB uncompressed
- Content: Includes a list of 35 million lines, likely containing usernames, email addresses, job titles, and other personal information available on LinkedIn profiles.
- Distribution: The data was posted in two formats: a partial and a complete version as zipped files.
- Source: BreachForums, a notorious underground forum for trading stolen data, where the threat actor apologized for a previous partial leak and uploaded the full dataset.
Threat Actor Profile
The individual or group behind this leak, USDoD, has a history of being active in data trading circles on the dark web. The mention of an apology to cybersecurity expert Troy Hunt suggests previous interactions or releases of incomplete data. Their account on BreachForums was self-banned following the data release, which is a tactic sometimes used to avoid further scrutiny or to signify the end of a particular campaign.
Impact Analysis
- Scope: 35 million LinkedIn profiles exposed, representing a significant portion of the platform's user base.
- Potential Risks:
- Phishing Attacks: With access to personal details, attackers could craft convincing phishing emails.
- Identity Theft: Personal information might be used to impersonate users or create fake accounts.
- Reputation Damage: Professionals might suffer from unauthorized use of their data.
- Affected Users: Individuals who had a LinkedIn profile up to the time of the breach, particularly those who might have shared public information that can be easily scraped.