Summary
Remember when someone discovered a misconfigured database exposed to the internet that left the information of 500 million LinkedIn users at risk? It’s happening again, except this time 700 million users have been impacted. Multiple outlets are now reporting that a hacker appears to have used the LinkedIn API maliciously, which led to the download of large amounts of user data. This is extremely similar to the April incident, in which an online database was compromised and user data was sold online. In both incidents, the user data has appeared for sale on a popular site called raidforums.com, where users can download large amounts of compromised data for any purpose. Hackers were able to compromise the following:
- Email Addresses
- Full Names
- Phone Numbers
- Physical Addresses
- Geolocation Records
- Usernames and Profile URLs
- Genders
- Other Social Media Accounts
Although this data set doesn’t contain cleartext passwords or password hashes, it does contain sensitive information that could be used in targeted social engineering attacks. Attackers use detailed information about employees to launch intricate social engineering campaigns that can be highly successful. When an unsuspecting employee receives a spoofed email that includes their personal information, the message often seems more legitimate. It is important to train your employees to look out for this type of targeted social engineering.
Awareness Training Helps
nGuard has been studying the art of social engineering and conducting simulations for its customers for nearly 20 years. nGuard’s highly trained engineers are well versed in the techniques used by adversaries and can conduct real-world scenarios. This aids organizations in training their employees to expect the unexpected.