On June 22, the profile details of 700 million LinkedIn users were put up for sale on an underground forum.
The same thing happened on April 6 for 500 million LinkedIn users. The exposed data contained profile information such as e-mail addresses, job descriptions, social media profile links and phone numbers.
On April 3, the phone numbers and associated profile info of over 530 million Facebook users were leaked online. The leaks included geographical location and even phone numbers, including Mark Zuckerberg’s.
What Happened
In all three cases, threat actors used the same method — web scraping. Automated tools harvested all the information from user profiles, abusing various APIs made available by the platforms. They attempted to pull much more than would typically be available without special privileges, such as the privileges given to a user connected to the victim.
It’s important to note that the services were not “hacked”, at least not in the way we’ve grown to understand the word. No database was stolen, and no platform internals were exposed. In fact, users’ passwords are still safe. But any information that could be shared was shared in the process – including data that users believed only close friends could see, like e-mail addresses or phone numbers.
Here’s what YOU need to know
The incidents highlight two points to understand and remember.
First and foremost, the moment you hand out a business card or post information on an online profile, the information becomes public. It’s been repeatedly proven that privacy settings don’t always work. This problem is amplified by the massive size of our “private circle” of connections or friends on these platforms.
Check how many people you have in that “private circle.” Phone numbers, e-mail addresses, Social Security numbers, and home addresses are data points we’re constantly forced to share with an increasing number of people and organizations. It’s only a matter of time before they’re exposed publicly.
Now more than ever, it’s crucial to KNOW when that happens. And, here, the Bitdefender Digital Identity Protection tool can help. Our service lets you take control and minimize your digital footprint by continuously monitoring for data breaches, publicly exposed information and social media impersonators.
Secondly, be mindful of your ever-growing (and never-shrinking) online dossier/file, and take some time to brush up on doxxing. Every piece of relevant information about you can be (and probably already is) added to a file with your name on it.
This information can later be used in:
- identity theft (buying things, getting credit or simply causing damage to you and your loved ones by doing illegal things in your name)
- selling your data to advertising networks that are less legitimate than the ones you’re already willingly providing it to
- stalking/domestic violence. It may be an uncomfortable scenario, but it DOES HAPPEN
Just check your digital footprint and learn whether an ill-intended actor can carry out the acts in any of the three bullet points above or, God forbid, all of them. While LinkedIn and Facebook could have done a better job at preventing scraping bots, system vulnerabilities are exposed daily. Even though the platforms are sometimes quick to patch loopholes found by hackers, as users and members of the digital community, it’s also our job to be aware of the information we willingly expose and how it can be used against us.