Data leak: 500 million LinkedIn user data for sale in underground forum

[German]New data leak – in an underground forum, the user data of 500 million LinkedIn users is being offered for sale. A hacker has probably extracted them from the social network belonging to Microsoft and has already published two million user records as proof that the data is real.


The information from CyberNews reached me directly via email on April 6, 2021. Fits wonderfully, of course, because over Easter the news hackers published 533 million phone numbers of Facebook users made quite a few waves (see this post or my German blog post Hacker publiziert 533 Millionen Telefonnummern von Facebook-Nutzern). The CyberNews team has now discovered, just a few days after a massive data leak at Facebook made headlines, that the data of 500 million LinkedIn users is being sold online. 

LinkedIn user data, Source: CyberNews

An archive of stolen data allegedly from 500 million LinkedIn profiles has been put up for sale on a popular hacker forum. The cyber criminal has posted 2 million user records as proof that they are in possession of real data. These can be viewed on the forum for $2 in forum credit. The archives containing 500 million records are offered for a four-digit minimum sum (payable in Bitcoins).

What was offered?

Based on the samples that security researchers were able to view in the releasing archives, the records appear to contain a variety of mostly professional information from LinkedIn profiles. This information, while mostly publicly viewable in the profiles, is of interest to cyber criminals when combined into a collection. The records have the following fields:

  • LinkedIn IDs
  • Full names
  • Email addresses
  • Phone numbers
  • Gender
  • Links to LinkedIn profiles
  • Links to other social media profiles

In addition, there are job titles and other work-related data.


LinkedIn data leak, Source: CyberNews

What is the problem?

Actually, people on LinkeIn do post their data in their profiles so that third parties can find and retrieve it. But the whole thing has its downsides, because the data from the leaked files can be used against LinkedIn users by threat actors in a variety of ways. Here's a small collection:

  • Conducting targeted phishing attacks
  • Spamming 500 million emails and phone numbers
  • Hacking passwords of LinkedIn profiles and email addresses.

The latter point in particular could become a problem, as such accounts can often be cracked via brute force attack with cedential stuffing (using passwords from other leaks). LinkedIn has not yet responded to inquiries about whether the data is genuine. More information can be found in this article.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *