Price Tag for Our LinkedIn Data Revealed
The data of 700 million LinkedIn users has gone up for sale. This is another such case, and the way the data was obtained and the price for the entire database should raise many eyebrows.
LinkedIn is unlikely to regard 2021 as a successful year. First, in April, the data of 500 million users of the service was put up for sale, which was reported by the largest media in the world, including CNN. Just two months later an offer was made to buy a package containing data from 700 million accounts, or 92% of LinkedIn's users. The price? A measly $5,000..
The package offered for sale contains a range of potentially sensitive data:
- Email address;
- Name;
- Telephone number;
- Residential address;
- Geolocation data;
- User login and profile address;
- Professional experience and education;
- Gender;
- Usernames of connected social media users.
As LinkedIn points out in an official statement, no private user data was stolen and there was no security breach. So how did such detailed information end up in the hands of hackers? Well, they were publicly available and it was the users themselves who published them.
RestorePrivacy conducted an investigation and found that the hackers scraped the data from LinkedIn using its API, which is a legitimate channel for communication with external apps or plugins on the websites. The data obtained in this way was expanded with information from other sources. The authors from RestorePrivacy contacted the seller and found out the price for the chole package, amounting to $5000.
$5000 for such a gigantic database may seem surprisingly low. However, it does not differ significantly from the market reality - according to CyberNews the April database with 500 million accounts was offered for sale for 7000 dollars. From a hacker's perspective, a single user means little, and the increasing capabilities of hardware and the speed of Internet connections make huge databases, analyzed and used in an automated way, increasingly popular.
Web scraping - what is it?
Web scraping is simply collecting publicly available data in an automated manner, e.g. names and email addresses of university employees or article titles on news portals. The more uniformly the data is presented (e.g. according to a strictly followed template), the "cleaner" the database, requiring less effort in organising the information.
Web scraping is often frowned upon because the data is usually used for ethically dubious or outright illegal activities. The simplest example of harmful activity is scraping email addresses, building a huge contact database and then sending spam (or rather selling the database to interested parties, as in the case of LinkedIn data).