A man who decided to hack LinkedIn “just for fun” scraped the personal data of 700 million users and sold it online earlier this month. Known by the name Tom Liner, what he did isn’t technically illegal – the information is all public-facing. It begs the question, however, of how secure our personal data is online. It also brings up whether or not social media networks should be doing more to protect us. (1)
Hacker Scraped The Personal Data Of 700 Million LinkedIn Users
How much information do you have on your social media profiles? Your name? Where you live? Your job or relationship status? Perhaps, in the case of LinkedIn, an email address or phone number. Well, you may want to reconsider how much you are making available. An online hacker scraped the personal data of 700 million LinkedIn users and sold it online to the highest bidder. The sale ended up going for $5000.
They don’t know who the hacker is, outside of his online alias, nor do they know where in the world he lives. Another unknown fact is who he sold the information to – but surely it isn’t someone with good intentions. He announced his work in a well-known hackers’ forum.
“Hi, I have 700 million 2021 LinkedIn records” he said.
A BBC reporter spoke with him via various messaging platforms. In those, he revealed that he has a wife and a day job and that hacking is just a hobby. He feels bad that the information is now in the hands of people with malicious intent. His conscience isn’t so burdened, however, that he has plans to stop.
“It took me several months to do. It was very complex,” he explained. “I had to hack the API of LinkedIn. If you do too many requests for user data in one time then the system will permanently ban you.”
It Isn’t Technically Illegal
The thing is, this isn’t technically a security breach for LinkedIn. He didn’t hack into their database and steal any information that wasn’t made publicly available on people’s profiles. He simply figured out a way to scrape hundreds of millions of that personal data nearly all at once.
“This was not a LinkedIn data breach and no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.” LinkedIn said in a statement.
Of course, this doesn’t mean that it isn’t bad news. This information in the wrong hands can do some serious damage. Likely, they will use the emails and phone numbers for spam, to send malware to millions, or to trick people into sending them money. That is just a start at what they may decide to use it for.
How To Protect Yourself Online
While it is nice to think that social media giants like LinkedIn and Facebook are going to do more to protect their users, it is a reality that your security is largely in your own hands. We all need to be careful with how much we are sharing about ourselves online, as this can and likely will be used to some degree, whether for simple targeted marketing or something much worse. Here are a few tips to protect yourself more online.
1. Optimize Your Privacy Settings
Every social media platform has privacy settings that have a variety of options you can choose from. Our suggestion? Lock your profiles down as tightly as possible. Check everything – even down to what your “friends” can see. Make information such as an address, email, and phone number by request only. Especially in a setting like LinkedIn, they can contact you via the app first, and then you can decide how much information they deserve. (2)
2. If It’s Optional, Don’t Make It Public
Even things like your age and birth date aren’t necessary to build a profile on most of these sites. Remember, the more information you have about who you are on your profiles, the easier it is for hackers to build a fake persona based on you. (3)
3. Limit Who Can Contact You
Go into your privacy settings and change who can contact you to “friends of friends”. This will prevent random strangers from sliding into your Facebook DMs and even from requesting your friendship on the site.
4. Hide Your Friend’s List
Hackers and cybercriminals will request friendship from users on Facebook, and once accepted will find other similar people through their friend’s list. The person will see that they have several friends in common and won’t realize who they’re accepting.
5. Limit The Rights Of Third-Party Apps
Every so often, review which other apps you have given rights to your Facebook and other social media profile information. If you no longer use that app, delete their access. For the ones you keep, change sharing permissions to only me.
6. Add Two-Factor Verification To All Of Your Accounts
Two-factor identification means when someone logs into one of your social media accounts from a new or different device, you will be sent a code or password to identify that login as secure. This adds an extra layer of protection and makes it harder for people to log in to your accounts.
7. Create Strong Passwords
Passwords that contain capitals, lower case letters, symbols, and numbers are far more secure than ILikeCats123. Also, make sure you change them often. Use a password manager if you are having trouble remembering them all. (4)
The Bottom Line
You don’t have to do any of the above-mentioned things to make your online presence more secure. They are just suggestions. Know that if you are using social media, some level of your information is going to be made available to people you don’t know. Do your best to be as safe as possible, and if something feels fishy, it probably is.
- “How your personal data is being scraped from social media.” BBC. Joe Tidy. July 2021.
- “10 MUST-DO TIPS FOR PROTECTING YOUR PERSONAL FACEBOOK DATA.” Tech Genix. Stephen M.W. March 18, 2019.
- “How to keep your personal information safe on social media.” Norton
- “10 Tips for Keeping Your Personal Data Safe on Social Media.” Security Today. Susan Alexandra. April 4, 2019