Jump to content

Eight unsecured databases found leaking nearly 60 million LinkedIn users' information


The AchieVer

Recommended Posts

The AchieVer

Eight unsecured databases found leaking nearly 60 million LinkedIn users' information

 

linkedin, imac, people, background, desktop, table, business, mac, digital, gray, editorial, technology, touch, computer, computing, mobile, linked, device, online, man, screen, search, network, friends, display, pad, interface, illustrative, internet, partnership, social, iphone6, gadget, contact, company, discussion, apple, information, blog, space, chat, message, office, hand, communication
 
  • The total size of databases is estimated to be 229 GB.
  • As of April 15, 2019, the databases were secured and are no longer accessible on the internet.

 

Eight misconfigured databases have been found leaking approximately 60 million records of LinkedIn user information. The total size of databases is estimated to be 229 GB, with each database ranging between 25 GB and 32 GB.

 

What’s the matter - According to Bleeping Computer, a security researcher Sanyam Jain of the GDI foundation had discovered the misconfigured databases about two weeks ago. The researcher discovered that unsecured databases containing the same LinkedIn data kept on appearing and disappearing from the Internet under different IP addresses.

 

"According to my analysis, the data has been removed every day and loaded on another IP. After some time the database becomes either inaccessible or I can no longer connect to the particular IP, which makes me think it was secured. It is very strange,” said Sanyam to Bleeping Computers.

 

How was the leak identified - As an experiment, the researcher was able to pull the record of an affected person from one of the databases and review it. The record contained the victim’s LinkedIn profile information, ID, profile URL, work history, education history, location, listed skills, and other sensitive details. It also contained the email address of the victim that has been used for registering the LinkedIn account.

 

On further investigation, it was also discovered that the databases leaked the email addresses of the affected LinkedIn users. Each profile contains internal values that described the type of subscription the LinkedIn user has. These values are labeled as 'isProfessional', 'isPersonal', 'isGmail', 'isHotmail', and 'isOutlook'.

 

What has been done - Upon discovery, Bleeping Computer contacted Amazon, who was hosting the unprotected databases. As of April 15, 2019, the databases were secured and are no longer accessible on the internet.

 

 

Source

Link to comment
Share on other sites


  • Replies 1
  • Views 377
  • Created
  • Last Reply

Those using linkedin signed up to share their profile. Its availability outside of the linkedin channel does not really appears as a problem (except for linkedin failure to protect its data).

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...