The breach closely follows other cases of massive data leaks from companies such as Dominos, Mobikwik and BigBasket.
The data of 700 million people was put up for sale on the dark web by a hacker who claimed to have obtained it through the application programming interface (API) of professional networking site LinkedIn, according to a report by Restore data protection.
The hacker posted the data of 1 million users online as a sample and asked that a four-digit US dollar amount (which can range from Rs 75,000 to 7.5 lakhs) be placed in an escrow account for the full dataset.
Since then, LinkedIn has denied any personal data breach, stating that the data is publicly viewable member profile data. In a statement on its website, LinkedIn said, “Our initial research found that this data was scraped by LinkedIn and other various websites and contained the same data that was reported in our scraping update from April 2021 earlier this year.”
In April, data from 500 million users was exposed when a hacker offered it for sale on the dark web in exchange for bitcoins. The Microsoft-owned company has 756 million users worldwide, so the latest security breach has the potential to impact 92 percent of its users.
The published sample dataset of 1 million users, which was reviewed by 9to5Mac, included:
- Email address
- Full names
- Phone numbers
- Physical addresses
- Geolocation records
- LinkedIn username and profile URL
- Personal and professional experience / background
- Other social media accounts and usernames
Increased Vulnerability Concerns
Prasad T, an ethical hacker, said the breach appears to be an exploitation of API endpoints. “Although the use of the data is illegal, it is in great demand as it is in demand for marketing purposes in countries like the United States. However, if bad players were to gain access to the data, it could lead to identity theft through further security breaches,” Prasad told MediaNama.
The lack of strict government guidelines on cybersecurity requirements makes these attacks more likely. According to Prasad, regular evaluation of access points and of the API itself can prevent many of these breaches. “Governments need to make sure that the best engineers work for companies like LinkedIn, Google, Apple, and so on. If they can be hacked, governments will have to set some cybersecurity requirements,” added Prasad.
Other data breaches
The breach follows massive data leaks from companies such as Dominos, Mobikwik and BigBasket, which contained passwords, Aadhaar card details, addresses, etc. Subsequently, many cybersecurity experts raised concerns about MeitY (Department of Electronics and Information Technology) and the inaction of CERT-In (Indian Computer Emergency Response Team) over these leaks.
According to a disclosure made in Parliament by CERT-In, 26,121 Indian websites were hacked in 2020, including 59 belonging to the government. Additionally, there was a 196 percent increase in cybersecurity incidents, from 394,499 in 2019 to 11,58,208 in 2020.
While BigBasket and Mobikwik denied allegations of a data breach, the Reserve Bank of India directed Mobikwik to ensure an external audit of its systems by a team from a CERT-In authorized auditor.
Meanwhile, Dominos turned to the Delhi Supreme Court to order the Ministry of Electronics and Information Technology (MeitY) and Delhi Police to remove links to the leaked data.