What we can learn from the recent 700M LinkedIn user “Data Breach” news in the wild

Sina Manavi
Jun 30, 2021

Many news sites are reporting a recent “Data Breach” affecting over 700M (92%) of all LinkedIn users. The term “data breach” is sometimes used interchangeably for any case where a high volume of data appears on the web or dark web. Bloggers and news agencies in particular, whether for lack of technical knowledge or simply to attract more viewers with eye-catching titles, use terms such as “Data Breach”, “Exposed Data on Sale”, “Leaked as Proof”, etc.

What needs to be highlighted is that data being dumped on bin sites (ghostbin, pastebin, etc.), on the dark web, or on publicly available sites does not by itself mean that a data breach took place.

In this short article, I would like to discuss Data Breaching vs. Data Scraping:

Data Scraping:

Data scraping refers to using harvesting and scraping tools to search the web, through a targeted site's or application's APIs or through publicly available data on websites and social media. Think of public data such as what we post or share on our social media, which is not necessarily private and/or confidential: name, job position, employer, etc. Poorly managed APIs and tactics such as Google Dorks come in handy for a curious data scraper.

Data scraping becomes scarier when automated scraping consolidates various data sources and correlates them, which makes the data more meaningful and usable for various purposes such as social engineering, marketing and many more.

Back to the recent news: the data that has been exposed and made publicly available is the result of data scraping of public data available through LinkedIn, and we are all aware of what we have shared on LinkedIn.

would directly impact code of ethics, NDAs, Regulations and many more. However,

- Penetrating into organization:

Cyber criminals are always looking for targeted organizations and individuals in order to gain access, escalate their privileges and bypass security controls to obtain sensitive information for their benefit. The motive could be personal, government sponsorship, corporate and business competition, etc.

- Misconfiguration:

Sometimes hackers don’t even need to run a tool to obtain access to sensitive information. Google Dorking is a good example: SQL backups and poor configuration of cloud storage are possible ways, among others, that lead to a data breach. The same Google Dorks could be used for data scraping too.

- Supply Chain and Third-Party Attack:

Many organizations invest heavily in internal security technologies to strengthen their security controls and protect their data. However, a number of data breaches have taken place at third parties that are integrated into the organization or that process or store its data in their environments. Poor third-party security could potentially lead to data leakage.

- Insider data leakage:

Insider data leakage is another common case that could lead to a data breach, whether through bribing an insider or through an unhappy employee who intentionally leaks data. Because insiders know the environment and its preventive controls, they have a higher chance of finding ways to leak data out gradually over time.

- Human mistake and Accidental Leakage:

Have you ever intended to send an email to another organization/user at abc@xyz.com and mistakenly sent it to abc@xyx.com? Human mistakes can always happen due to poor awareness, lack of proper education, or negligence.

- Tailgating:

Sometimes, due to poor physical security checks, strangers or unauthorized individuals may get the chance to walk into the organization's premises. Now imagine your staff not following the clean desk policy, screen locking or data shredding, or your server room or sensitive area not being sufficiently protected: sensitive data could end up in the hands of a person who should not have it.
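
For the mistyped-recipient case in the accidental leakage item above (abc@xyz.com vs. abc@xyx.com), an outbound mail check can hold messages whose recipient domain is a near-miss of a known partner domain. The Python below is an added example, not part of the original article; the `KNOWN_DOMAINS` allow-list, the function names and the distance threshold are assumptions.

```python
# Added example: flag outbound recipients whose domain is a near-miss of a
# known partner domain. All domains below are constructed sample values.

KNOWN_DOMAINS = {"xyz.com", "example.org"}  # assumed allow-list of partner domains


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "xzy" typed instead of "xyz".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def check_recipient(address: str, known=KNOWN_DOMAINS, max_distance: int = 1):
    """Return (verdict, matched_domain).

    verdict is "known", "lookalike" (hold the mail for confirmation) or "unknown".
    """
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    if domain in known:
        return "known", domain
    for candidate in sorted(known):
        if edit_distance(domain, candidate) <= max_distance:
            return "lookalike", candidate
    return "unknown", None


if __name__ == "__main__":
    for rcpt in ["abc@xyz.com", "abc@xyx.com", "abc@xzy.com", "bob@unrelated.net"]:
        print(rcpt, check_recipient(rcpt))
```

A "lookalike" verdict is a prompt to confirm the recipient before sending, not proof of a mistake; legitimate domains can sit one character away from each other.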

What’s Next:

Whether it’s a cyber incident data breach or data scraping, once your data is exposed and publicly accessible, you should expect the following scenarios and take the following actions on your side:

1- Expect phishing and social engineering

2- Change your password and make sure your 2FA is enabled.

3- Check to what extent your info is on social media and the web

4- Know your data and know what you share and where.

Cyber security and data protection are everyone's responsibility, regardless of which department you work in or what data you own. Many times you may think you don’t have any sensitive or private information that needs protecting. Sometimes such info could be mapped or linked to other users.

The good news is that the recently shared data contains info such as name, geolocation and job titles, which users made publicly accessible; no passwords have been accessed by the data scrapers.
