Reports are now popping up in my technology news feed that a database containing information from over 700 million LinkedIn members is now available for purchase on the dark web. Unlike some of the other information dumps that have made headlines recently, this one doesn’t contain passwords or other sensitive information, but it does contain the information that LinkedIn members typically put in their profiles, including phone numbers, addresses (mail and email), job and education history, as well as whether or not a particular member might be looking for a job. According to LinkedIn, and as other sources seem to corroborate, this isn’t actually a data breach but what is known as an “information scrape,” which is shorthand for a database built by reading and indexing information that is readily available on the web. Keep in mind, “readily available” does not necessarily mean authorized use, especially when it is gathered and put on sale by someone other than LinkedIn.
What does this mean for you?
Even if you aren’t on LinkedIn, if you do any sort of business that requires you to interact with others via the internet, you should be aware of why these types of databases are still considered a significant security risk, and I can sum it up in one word: Phishing. One of the most common tactics in use now by phishers is leveraging data gathered in these databases to build and send fake emails that contain enough real information to trick even the most savvy email veteran. Especially vulnerable are the millions of job seekers who use LinkedIn every day to contact plenty of people they don’t know directly, and who have to rely on information found on the website. Cybercriminals are using this particular weakness to infect job seekers with trojans as part of a fake employment application, which can then lead to identity theft, extortion and a definite disruption in the job seeking process. In the end, there isn’t much you can do about this except the following:
- Set up 2-factor authentication on all your important accounts, especially email.
- Back up your important data. Cloud-based backups are best.
- Make sure you are running malware protection on your computer.
- Make sure your network (home and work) is protected by a proper firewall.
- Establish freezes on all your major credit reporting identities via these websites: Experian, TransUnion and Equifax.
- Never trust an email link, especially one that seems to ask for a password right off the bat. Always call and verify.