A hacker by the username "GOD" advertised the data of about 700 million LinkedIn users out of the website's total 756 million users and posted a data sample including the information of about 1 million users to the dark web, according to researchers at cybersecurity website RestorePrivacy.
"Our teams have investigated a set of alleged LinkedIn data that has been posted for sale," Linked said in a Tuesday statement on its website. "We want to be clear that this is not a data breach and no private LinkedIn member data was exposed. Our initial investigation has found that this data was scraped from LinkedIn and other various websites…"
The social media site for professionals added that some of the data included that was exposed in an April 2021 leak.
The hacker, who is asking $5,000 for the entire dataset, gathered public information of LinkedIn users including email addresses, full names, phone numbers, physical addresses, geolocations, LinkedIn usernames, personal experience and background information, genders and other social media accounts, such as Twitter usernames, according to RestorePrivacy.
"Members trust LinkedIn with their data, and any misuse of our members’ data, such as scraping, violates LinkedIn terms of service," LinkedIn continued. "When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable."
The hacker behind the leak told RestorePrivacy that he exploited the LinkedIn application programming interface (API), a connection between computers or computer programs, "to harvest information that people upload to the site."
While no financial information or login credentials were exposed, RestorePrivacy noted that the leaked data could still put users at risk of identity theft, phishing attempts, social engineering attacks and hacked accounts.
"Cybercriminals can use the information found in the leaked files with other data in order to create full detailed profiles of their potential victims," researchers wrote. "Additionally, bad actors can use the available data, particularly usernames, emails, and personal information, to gain access to other accounts."