Information scraped from around 500 million LinkedIn user profiles is part of a database posted for sale on a website popular with hackers, the company confirmed Thursday.
The sale of the data was first reported on Tuesday by cybersecurity news and research site CyberNews, which said that an archive including user IDs, names, email addresses, phone numbers, genders, professional titles and links to other social media profiles was being auctioned off on the forum for a four-figure sum.
According to LinkedIn, the database for sale “is actually an aggregation of data from a number of websites and companies.” The data from LinkedIn users includes only information that people listed publicly in their profiles, the professional social media site, which is owned by Microsoft (MSFT), said in a Thursday statement.
“This is not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review,” the company said.
The news comes just days after a separate incident in which data scraped from more than 500 million Facebook users in 2019 — including phone numbers, birthdays, emails and other information — was posted publicly on a website used by hackers. While these kinds of data are less sensitive than, say, credit card details or social security numbers, information like phone numbers can still be exploited by bad actors, including for robocall scams.
LinkedIn has more than 675 million members, according to its website, meaning that around three quarters of its users’ information may be included in the database.
Social media companies have tools in place aimed at preventing scrapers — LinkedIn on its terms page details “technical measures and defenses” against such abuse — but they don’t always work.
The company said that “any misuse of our members’ data, such as scraping” violates its terms of service, which prohibit third-party software, bots, browser extensions or plug-ins that scrape data from the site.
“When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable,” LinkedIn said in its statement.
The company did not immediately respond to a request for comment about whether it will alert users whose data was scraped and is included in the database for sale.