After few days since the discover of the huge personal data breach on Facebook which has affected about half billion users all over the world, this is the time of LinkedIn being subject of an hacker attack, the professional social network which is mainly used in working relationship. A huge data repository which includes about 500 million of LinkedIn profiles has been sold online, with other 2 million records performed like test sample of authentic of the author of the post which has given the announce on a popular hacking forum.
Since the number of profiles affected is more or less the amount of LinkedIn users, with counts 600 millions of subscribers, the fear is that a large part of the 21 million Italian users are affected by this breach, which information includes: usernames, complete names, email addresses, telephone numbers, the gender, the connection with other LinkedIn profiles and other social media, as well as professional title or other information connected with the own actives that generally users upload on their profile on LinkedIn. Credit card data or other information for other payment instruments would not be subtracted.
According to what is mentioned into the informatic website Cyber News, into the hacking forum it is possible download, only with 2$, prof of database available in order to verify the content and its quality, meanwhile in order to get those information by the integral database with 500 million data it seems that the amount required is higher and with many zeros, supposedly in Bitcoin in order to keep that anonymous.
What it is not so clear, is if the LinkedIn storage which have been auctioned online are updated or it is about data of previously breaches.
The fact is that the requests for clarifications, which have been sent by experts of Cyber News, have not received any answers back by LinkedIn, and neither results to the Italian users that it has been received a report about the data breach, in accordance with the Article 34 of the GDPR, when it is present an high risk for natural people’s rights and freedoms.
The main advice for Italian users is to change the password of the profiles and, if there is the telephone number inside, keep attention to possible anomalies on their phone numbers like “SIM swapping” which can arise by hackers, and the same is for spear phishing emails, which, absurdly, could come from a sender posing in disguise for LinkedIn, perhaps with a fake security communication in relation to the data breach.
Other malicious threats refers to the users privacy which arise from an illicit use of data included into stolen records, from which can arise also identity theft, social engineering techniques and the most common BEC (business email compromise), that is a scam in which the hacker send a mail to a secretary or to an administrative responsible pretending to be the CEO or a top manager who requires an urgent wire transfer to a certain supplier, but indicating an iban on which to transfer funds attributable to a criminal organization, stratagem that can be particularly effective towards many LinkedIn users, who are used to indicate all the details needed for the attacker, such as the company they belong to, the role they hold, their business contacts, and who his colleagues are.
While waiting to see the developments of the case and the Personal Data Protection Authority to shed light on what happened, the highest alert is recommended for all LinkedIn users, taking great care over the messages and emails they receive, even when they appear to come from reliable senders, or even their own manager.