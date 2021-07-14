



Cyber News reports that this is the third time in four months that member information has appeared on a hacker forum.

A dataset comprising information from 600 million LinkedIn users was listed for sale on a hacker forum this week. This is the third time in four months that data extracted from the networking site has been offered for sale, according to a Cyber News report. The data is all publicly available, such as full names, email addresses, links to social media accounts, and other information from LinkedIn profiles.

SEE: Data from 500 million LinkedIn users found selling online (TechRepublic)

Scraping data and collecting it in one place is not as bad as a data breach. A breach typically exposes private data protected by privacy and disclosure rules, such as social security numbers and account information. However, credential stuffing is one of the most common cybersecurity attacks. As Scott Matteson explained in an interview with a security expert: “Credential stuffing is the militarization of stolen credentials (usernames and passwords) against websites and mobile apps. Lists of credentials stolen from a site are tested against the login pages of other websites to gain unauthorized access to accounts and commit fraud.”

In its 2021 State of Security Identity report, the Auth0 company found that credential stuffing accounted for 16.5% of attempted login traffic on its platform. This bad actor activity peaked in March at over 40% of traffic, as Jonathan Greig reported for ZDNet. Proofpoint recently reported that a threat actor linked to the Iranian government was targeting specialist researchers in the Middle East with credential phishing attacks.

People affected by a data breach have legal recourse against the company that suffered the data breach, but the rules regarding data scraping are not so clear. In 2016, LinkedIn sued hiQ Labs for retrieving data from the networking site, arguing that this activity was a violation of the Computer Fraud and Abuse Act. LinkedIn lost the case when the U.S. Ninth Circuit Court of Appeals ruled that publicly available data is not protected by the CFAA.

TechRepublic has reached out to LinkedIn for comment on the latest set of data recovered. The company did not respond. In response to another scraped data set that emerged in June, LinkedIn said no private data was exposed. The scraping of data violates the company’s terms of service. The company also said that “when someone tries to take member data and use it for purposes that LinkedIn and our members have not agreed to, we make an effort to stop them and hold them accountable.”

