Over 92% of data on LinkedIn users has been compromised in the latest data breach by an unknown hacker. LinkedIn is not calling this a data breach, saying in an emailed statement to Gadgets 360 that the information was scraped from LinkedIn, which is a violation of their Terms of Service. Compromised information includes any personal details that users share on LinkedIn: full names, LinkedIn username, phone numbers, addresses, any geolocation data or inferred salaries. RestorePrivacy spotted the dataset of 700 million users on the Dark Web when the hacker provided a preview for buyers of one million users.
Another Day, Similar Story
This all comes on the heels of data scraping in April when LinkedIn confirmed a breach that impacted 500 million users. That breach also exposed similar personal details about LinkedIn users. While neither breach contained passwords, information is valuable and can lead to a host of issues with increased phishing attempts and identity theft – especially for those who support national security.
Just recently, the UK’s Centre for the Protection of National Infrastructure (CPNI) and MI5 spoke out about the danger of LinkedIn when hostile nations are involved. The UK’s campaign sent a warning to their 450,000 civil servants, highlighting the 10,000+ users who have been targeted in just the last 5 years. Former CIA, current ClearanceJobs writer Christopher Burgess shares, “individuals with access to information of interest to hostile actors continue to make themselves available via social networks, including LinkedIn. This availability in and of itself is not where the risk lays. The risk lays in what does the individual share to potential employers and collaborators via their LinkedIn page and how do they engage with those who may approach them.”
While LinkedIn continues to battle accounts like Dickson Yeo and his fake consulting company, massive data breaches have an even greater impact on U.S. national security, providing a marketing and targeting list for hostile actors. Couple a LinkedIn breach – or information scraping – with the 2015 OPM data breach, and the risk for federal employees increases.
Network with Caution
At a minimum, exposed data is a headache. It might mean a little time spent scrubbing usernames and changing passwords – all necessary measures for national security talent. But while organizations worry about legal ramifications and saving face, users are the ones spending time shoring up accounts and staying vigilant for future phishing attempts. The reality is that while networking has its benefits, it also comes with a side of risks that clearance holders cannot afford to ignore on LinkedIn.
According to security clearance attorney, Sean Bigley, “…a legitimate identity theft case is usually a complete defense against a security clearance denial or revocation case predicated on the clearance-holder’s purported financial irresponsibility. But establishing that defense requires an enormous investment of time, stress, attorney fees, and other headaches which may be avoidable through the exercise of reasonable prudence. The same kind of reasonable prudence that comes as second-nature in the cleared workspace.”