Specifically, the data from 500 million LinkedIn users They have been compiled and are for sale on the Internet. The database of the web to look for work has been discovered by CyberNews, where in addition the hackers have offered a registry of 2 million people as proof of the existence of the database.
Name, phone numbers, email and more filtered from Linkedin
Among the data that appear in the leak are the LinkedIn ID of each user, full name, phone numbers, email addresses, phone numbers, gender, links to other LinkedIn profiles, links to profiles on other social networks, and work history and other information available on the profiles. Being a website with our online curriculum, all the public data that we have could have ended up in that database.
The data has been put up for sale on RaidForums, just like on Facebook. In this case, the data owner is asking for at least 4-digit figures for the data at least in exchange for the entire database.
As with the Facebook database, an attacker with all this data can carry out phishing attacks against us by knowing our name, email and much more information, giving a touch of realism if it impersonates a bank or other company with which we have contracted services. They can also phone us with spam calls and also impersonating other people. Finally, they can try to brute force our LinkedIn passwords.
Beware of spam phone calls or phishing emails
Therefore, it is advisable in these cases to be extremely careful with calls or emails we receive. For example, we may receive emails from hackers posing as LinkedIn, where they only seek us to provide them with the password and other information to gain access. It is advisable to make sure whether or not it is a email real is to enter the official LinkedIn website and manually make the changes without clicking on any suspicious link.
Another recommendation is never reuse passwords between several services, since if they manage to hack it on one website, they can reuse it on another to take control of the accounts if we do not have two-step verification activated. For this, it is recommended to use password managers with unique passwords for each platform. In turn, two-step verification with applications such as Google Authenticator is recommended whenever possible, since it is much more secure than using SMS.
At the moment we cannot check if we are in the LinkedIn hack, so we will have to wait until the database is added to Have I Been Pwned, where the phones could also be added if enough appear.