Jump to content
Sign in to follow this  
The AchieVer

Eight unsecured databases found leaking nearly 60 million LinkedIn users' information

Recommended Posts

The AchieVer

Eight unsecured databases found leaking nearly 60 million LinkedIn users' information

 

linkedin, imac, people, background, desktop, table, business, mac, digital, gray, editorial, technology, touch, computer, computing, mobile, linked, device, online, man, screen, search, network, friends, display, pad, interface, illustrative, internet, partnership, social, iphone6, gadget, contact, company, discussion, apple, information, blog, space, chat, message, office, hand, communication
 
  • The total size of databases is estimated to be 229 GB.
  • As of April 15, 2019, the databases were secured and are no longer accessible on the internet.

 

Eight misconfigured databases have been found leaking approximately 60 million records of LinkedIn user information. The total size of databases is estimated to be 229 GB, with each database ranging between 25 GB and 32 GB.

 

What’s the matter - According to Bleeping Computer, a security researcher Sanyam Jain of the GDI foundation had discovered the misconfigured databases about two weeks ago. The researcher discovered that unsecured databases containing the same LinkedIn data kept on appearing and disappearing from the Internet under different IP addresses.

 

"According to my analysis, the data has been removed every day and loaded on another IP. After some time the database becomes either inaccessible or I can no longer connect to the particular IP, which makes me think it was secured. It is very strange,” said Sanyam to Bleeping Computers.

 

How was the leak identified - As an experiment, the researcher was able to pull the record of an affected person from one of the databases and review it. The record contained the victim’s LinkedIn profile information, ID, profile URL, work history, education history, location, listed skills, and other sensitive details. It also contained the email address of the victim that has been used for registering the LinkedIn account.

 

On further investigation, it was also discovered that the databases leaked the email addresses of the affected LinkedIn users. Each profile contains internal values that described the type of subscription the LinkedIn user has. These values are labeled as 'isProfessional', 'isPersonal', 'isGmail', 'isHotmail', and 'isOutlook'.

 

What has been done - Upon discovery, Bleeping Computer contacted Amazon, who was hosting the unprotected databases. As of April 15, 2019, the databases were secured and are no longer accessible on the internet.

 

 

Source

Share this post


Link to post
Share on other sites
mp68terr

Those using linkedin signed up to share their profile. Its availability outside of the linkedin channel does not really appears as a problem (except for linkedin failure to protect its data).

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...