Introduction

On October 4th, an anonymous threat actor allegedly scraped data from LinkedIn users. This data includes full names, email addresses, phone numbers, and workplace information.

On a hacker forum, users can view the leaked samples for roughly $2 in forum credits. However, the threat actor appears to be auctioning off a larger database of 500 million users for a minimum four-digit sum, likely in Bitcoin.

What Happened?

Following the developments on October 4th, the situation took another twist. More unauthorized individuals began attempting to leverage the leak. By the end of the week, a new party had offered a set of LinkedIn databases on the same hacker forum, demanding a payment of $7,000 in bitcoin.

This new participant claimed possession of both the original database comprising 500 million profiles and six additional databases. These supplementary databases allegedly held 327 million LinkedIn profiles, all acquired through data scraping.

There could potentially be 827 million scraped profiles, which exceeds LinkedIn's actual user count of over 740 million by more than 10%. This suggests that some, or possibly most, of the newly sold data by the threat actor could be duplicates or outdated information.

Impact

1. The leak of LinkedIn emails and passwords has enabled a Brute-Force Attack.

2. The exposure of personal information in the breach has now increased the risk of Identity Theft.

3. Cybercriminals can use the leaked data to conduct scams and phishing attacks, tricking individuals into revealing more sensitive information.

4. Both employers and employees on LinkedIn experience a significant loss of trust from customers and partners, which damages their reputation.

5. Misuse of the leaked LinkedIn profile contact information can lead to spamming of 500 million emails and phone numbers, enabling the sending of unsolicited messages and calls on a massive scale.

Method of Attack: Data Scraping

Data scraping is an automated process that involves extracting information from websites, databases, or any other data sources. It is a method that is widely used in the field of data analysis and web indexing. However, it can also be misused by malicious actors for various nefarious activities.

Attackers often employ bots or scripts to carry out data scraping. These bots or scripts are programmed to rapidly collect specific types of data. For instance, they might be set up to scrape email addresses or phone numbers from a website or to extract product data from an e-commerce site.

Moreover, the rate at which these bots or scripts can collect data is often unnaturally fast, far surpassing what a human could manually achieve. This is a major reason why data scraping poses such a significant threat.

It allows attackers to amass a large volume of data in a short period of time, which can then be used or sold for malicious purposes.

To counteract this, many websites and online platforms employ measures such as rate limiting to control the number of requests a user or system can make within a specific time frame. This can help protect against data scraping by limiting how quickly requests can be made to a server, and by making it difficult for scrapers to fetch data at an unnaturally fast pace.

Rate limiting is a preventive measure employed by developers and online platforms to control the number of requests a user or APIs can make within a specific time frame. Here's how rate limiting helps prevent data scraping:

1. Limits Request Frequency: Rate limiting sets a cap on how quickly requests can be made to a server. Scrapers often attempt to fetch a large volume of data rapidly. With rate limiting, if the requests exceed the allowed rate, the server can start delaying or denying further requests.

2. Deters Automated Scrapers: Scraping is often an automated process where bots send a high number of requests in a short time. Rate limiting makes it difficult for scrapers to fetch data at an unnaturally fast pace, discouraging automated scraping attempts.

3. Protects Server Resources: Data scraping can strain server resources, affecting the performance for legitimate users. Rate limiting ensures that server resources are distributed fairly and efficiently, preventing overload and maintaining a smooth user experience.

4. Enhances Security: By controlling the rate of incoming requests, rate limiting helps prevent denial-of-service attacks and protects against other forms of abuse. It adds a layer of security by mitigating the risk of unauthorized access and data extraction.