LinkedIn data scraping – “Over 1Billion LinkedIn data available”, over “520 million email addresses and phone numbers of LinkedIn users” – are just some of the “announcements” Swascan‘s SOC as a Service and Cyber Threat Intelligence Teams first identified on April 5th, 2021 via its Security Testing and Threat Intelligence platform, as noted in the LinkedIn post (see Linkedin Post April 5th, 2021).
Below the research conducted by Swascan’s Cyber Team relating to:
– Records for sale
– LinkedIn Data market
– Data Scraping tools
– Considerations
LinkedIn data scraping: Records for sale
On April 5th, 2021, through Swascan’s Osint Search Engine tool we identified several sales ads relating to LinkedIn user’s data.
In particular, we identified:
– A post published on April 3rd, 2021 at 00:41AM regarding the sale of “1Billion(1000Million) LinkedIn Records”
– A post published on January 11th 2021 at 05:43 AM regarding the sale of “550million LinkedIn full profiles, emails, phone numbers and recent data”
Announcement: 1Billion(1000Million) LinkedIn Records
The author of the ad in question specified what he had available: “I have 520Million +500Million Other Data”. Moreover, he provided evidence and examples to confirm and demonstrate the “reliability” of the data he was selling.
Specifically, for the first 520 million data, he made available a set of data records:
Also, for the other 500million data he provided further details:
Therefore, we decided to investigate the source and the reference date of the data for sale by directly contacting the author of the ad.
Overall, the communication confirmed that the data referred to 2019/2020 and that the entire database of 1billion LinkedIn data was for sale at the price of $1,500.
550Million LinkedIn full profiles, emails, phone and recent data
The second ad we identified on April 5th, 2021 is dated January 2021.
In this case, the author of the ad indicates the presence of LinkedIn data related to:
- Profile
- Phone
Also, he clearly specifies that the data is the result of data scraping activities. Even in this case, the “seller” provides samples to demonstrate the validity of the “goods”.
At this point, we did not want to contact the seller as in the first case, but we preferred to analyze the LinkedIn data market available in the dark web and deep web.
Linkedin Data Market
Through Swascan’s Cyber Threat Intelligence services we carried out a Web and Dark Web analysis to understand the size of the LinkedIn data market.
Firstly, we identified a post for the sale of 100 million LinkedIn data with a sample to download.
We should not be surprised if a prospective buyer requests 500 million data…
The seller answers “I will get soon”, proof of an exellent customer service.
Secondly, we identified a post published on April 09th, 2021 with popular LinkedIn data pricing, structured by country.
In this case we are talking about a Database of millions of data records sold for only $ 7.
There is no doubt that LinkedIn data is extremely interesting from a Business point of view. The demand is certainly high. A market that has seen the birth of tools and services …
LinkedIn Data Scraping tools
Data scraping has found a space of great interest in the collection of data and information present in the LinkedIn profiles of each of us. A market space that has given rise to a series of services available online on the web in Software as a Service mode:
Which ensure and guarantee:
It is definitely not the only identified service:
Searching on Google for “Linkedin data scraper tool” almost 1,5million results are available.
Same reasoning if we look for tutorials on YouTube where we find videos updated up to a few months ago:
Considerations
The analysis we conducted requires us to pay particular attention to the safety aspects that could impact each of us. The potential collection of data relating to emails and mobile phones exposes us to the concrete and tangible risk of:
In conclusion, it is strongly recommended to pay attention to:
• Control the privacy setting on Linkedin
• Change the password
• Use two factor authentication systems
• Evaluate or accept the risk of publishing the email address or phone number in the Contact Info section of Linkedin
• Always pay attention to the risks listed above