By: Leonardo Neri
Once again, LinkedIn, the social network and platform dedicated to the promotion of work and the execution of professional contracts, has been the target of complaints alleging a violation of users' digital security. The allegation is that information from 700 million users was leaked, almost 93% of the total number of registered users.
Restore Privacy disclosed the case on its website on June 22nd.
Furthermore, in a note, the group states that a hacker posted on forums specializing in cybercrime that this data had been collected for sale, making approximately 1 million profiles available as a “free sample”.
In a report, the disclosure team also made it clear that no passwords, card numbers, etc. were exposed. However, the veracity of the data was confirmed.
It is worth noting that the sample provided by the hacker presented: Full names; Email addresses; Phone numbers; Home and business addresses; Location records; Usernames; Profile link; Employment history; Salaries; and Other social media accounts.
In response, LinkedIn claims that this is not a data breach, following the same line of reasoning as TILT: “[…] We want to make it clear that this is not a breach and that no private LinkedIn user information was exposed. Our initial analysis found that this data was scraped from LinkedIn and other sites and includes the same information reported earlier this year.”
Furthermore, the UOL report presents the potential risks related to the alleged leak, mainly that digital criminals can cross-reference the information to profile victims more precisely and tailor scams to them. A classic example is the “WhatsApp scam”. Rodolfo Avelino, a professor at Insper and an information security specialist, states that victims can be led into a fraud scenario through numerous digital means, with scams built on real stories, precisely because of the accumulation of information and its use in bad faith.
Ideally, in the case of LinkedIn, you should change your password periodically, ignore emails, calls or messages that you consider suspicious, and under no circumstances pass on information.
Previously, in April 2021, the social network was also involved in a digital scandal, reported by Cyber News, alleging the possible leak of data from 500 million accounts, which were put up for sale by hackers. The leaked information was similar to that previously mentioned. At the time, the platform confirmed the leak.
What we should reflect on in this case is whether the leak actually came from public or confidential user information and, in each case, determine what the platform's responsibility would be, given a cyber scenario that develops daily with new possibilities. In this sense, investigating the incident and how the LGPD implementation program was executed on LinkedIn is essential for us to have the first answers to the questions.