LinkedIn and Facebook users should be aware that their personal information, such as email address and phone number, could have been leaked online last month. With this information having been leaked, users need to be aware that this could lead to social engineering attacks. So, users need to be alert and vigilant in checking the validity of emails from friends and other trusted sources, as well as baiting scenarios and 'responses to a question you never had' attacks. With these kinds of attacks, you should be sure to double-check the contents of the message. You can find preventative techniques here or here.

It appears the user information from both social media platforms may have been attained from scraped profiles. Data scraping, also known as web scraping, is the process of importing information from a website into a spreadsheet or local file saved on your computer. Legally, it is used for research/business intelligence, price comparison sites, market research among public data sources and/or sending product data from an e-commerce site to another online vendor. Illegally, it is used for nefarious purposes such as this situation with Facebook and LinkedIn. 

If you are concerned that your data has been leaked from one of the two affected sites, you can check to see if your phone number or email address associated with the account(s) have been attained by using this data breach checker tool from cybernews. The tool is pretty simple to use. You enter your email address or phone number (phone number must be in the international format, ex.: U.S. numbers start with 1. So an example would be 15558889999.), then just click the Check Now button and it will tell you if they have found your information in a data leak. 

I checked my phone number (number redacted for security purposes) and the results (photo on right) came up with my data has been leaked from Facebook scraped data.

Odoo • Text and Image
Odoo • Image and Text

I checked my email address next (photo on left), which luckily has not been found in a data leak. This does not mean it hasn't been impacted. It just means the checker hasn't found it in a leak as of that moment.

Contact us if you need help securing your devices.

Join us and make your company a more secure place.