LinkedIn data of over 700m users has been exposed in a new data breach, according to multiple reports.
LinkedIn has a total of 756m users, which means that the data of more than 92 percent of its users has been compromised in this new breach.
The new dataset obtained by an unknown hacker is said to consist of personal details of LinkedIn users, including phone numbers, physical addresses, geolocation data, and inferred salaries.
“From a user’s perspective, there is no difference between a data breach where company servers were hacked and someone misusing an API to obtain their data. Data loss is data loss, and attackers will find the simplest way to obtain the data they need to fund their operations,” commented Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Centre.
“As successful attacks on infrastructure become more difficult to execute, attackers will naturally shift their focus to abusing legitimate access methods like APIs provided by businesses to access data,” he added.
Where legitimate users care about terms of service, criminals won’t. This is an important detail for anyone exposing an API on the internet – it’s only a matter of time before your APIs are discovered and abused. So the key question then becomes – how quickly can you detect abnormal usage and take corrective action? The more powerful your API, the more attractive it will be to criminals.”