The records look like scraped data from LinkedIn profiles. Given the nature of these details and the lack of sensitive information like payment card data or passwords makes Diachenko assume that the data was scraped from publicly available LinkedIn profiles. The scraped data is currently uploaded to the HaveIBeenPwned service which allows users to check if their personal information has been exposed. Regarding the legality of web scraping for personal data, Diachenko says that it is legal to copy what is publicly available but it should not be used against the best interests of the owner, which is considered an offense. "Since the data displayed on websites is meant for public consumption, it is legal to copy the information to a file on your personal computer. Because there is the risk of the personal data to be used against you, the researcher recommends sharing only the "bare minimum" when creating an online profile or account.