LinkedIn has suffered a data breach affecting more than 92 percent of its user base, exposing information including phone numbers, physical addresses, geolocation data, and inferred salaries.
This personally identifiable information is highly valuable to fraudsters, who can use it to create sophisticated phishing and impersonation attacks.
The hacker who obtained the data has posted a sample of 1 million records. Various checks undertaken by industry watchdogs confirm that the data is both genuine and up-to-date.
The four leaked files contain different information about various LinkedIn users. There are ongoing concerns with how the threat actor will use the data, leaving many open to activities like phishing campaigns.
Examining the issue for concerned Digital Journal readers is OneSpan’s Chief Technology Evangelist, Benoit Grangé.
According to Grangé, the biggest concern is the type of user data held within a social media system like LinkedIn. The fact that LinkedIn focuses on ‘professionals’ does not make the data entered any less vulnerable than data entered on something like Facebook.
Grangé says: “This breach is an unfortunate reminder of how vulnerable our personal data is online and that consumers must take action over their digital identity by taking extreme caution when dealing with any unsolicited communication that they receive and ensure that they have multi-factor authentication enabled wherever possible.”
This is an essential step, says Grangé: “That way, when identity leaks like this inevitably happen, consumers can be certain that they remain safe online. There is a lot of really sensitive information in this breach that fraudsters will look to exploit by targeting individuals with uniquely tailored phishing attacks to gain access to accounts or trick unwitting consumers into transferring money.”
Following this, Grangé states: “No trusted organization would ever ask someone to part with money or their sensitive information via email, SMS or phone.”
Other measures need to be taken in relation to institutions that hold sensitive data. Here Grangé observes: “Banks need to have tools in place to prevent fraudsters from committing application fraud using information like this to set up new accounts in the victim’s name.”
In terms of the appropriate measures, Grangé recommends: “By using the latest identity verification technologies such as AI and biometrics in their onboarding processes, financial institutions will be able to quickly and remotely verify whether an applicant is in fact who they say they are or not.”