Eight unsecured databases found leaking nearly 60 million LinkedIn users' information

  • The total size of databases is estimated to be 229 GB.
  • As of April 15, 2019, the databases were secured and are no longer accessible on the internet.

Eight misconfigured databases have been found leaking approximately 60 million records of LinkedIn user information. The total size of the databases is estimated to be 229 GB, with each database ranging between 25 GB and 32 GB.

What’s the matter - According to Bleeping Computer, security researcher Sanyam Jain of the GDI Foundation discovered the misconfigured databases about two weeks ago. The researcher found that unsecured databases containing the same LinkedIn data kept appearing and disappearing from the Internet under different IP addresses.

“According to my analysis, the data has been removed every day and loaded on another IP. After some time the database becomes either inaccessible or I can no longer connect to the particular IP, which makes me think it was secured. It is very strange,” said Sanyam to Bleeping Computer.

How was the leak identified - As an experiment, the researcher was able to pull the record of an affected person from one of the databases and review it. The record contained the victim’s LinkedIn profile information, ID, profile URL, work history, education history, location, listed skills, and other sensitive details. It also contained the email address the victim used to register the LinkedIn account.

On further investigation, it was also discovered that the databases leaked the email addresses of the affected LinkedIn users. Each profile contains internal values that describe the type of subscription the LinkedIn user has. These values are labeled 'isProfessional', 'isPersonal', 'isGmail', 'isHotmail', and 'isOutlook'.

What has been done - Upon discovery, Bleeping Computer contacted Amazon, which was hosting the unprotected databases. As of April 15, 2019, the databases were secured and are no longer accessible on the internet.

Cyware Publisher