Security News

Personal data from more than 500 million LinkedIn users has been posted for sale online in yet another incident of threat actors scraping data from public profiles and slinging it online for potential cybercriminal misuse. Hackers posted an archive containing data they said includes LinkedIn IDs, full names, professional titles, email addresses, phone numbers and other personally identifiable information on a popular hacker forum, according to a report in CyberNews on Tuesday.

A massive trove of LinkedIn account data has been found for sale online, containing 500 million user records including email addresses, phone numbers, links to other social media profiles and professional details. CyberNews researchers were able to confirm that the data contained in the sample was legitimate, but added that " it's unclear whether the threat actor is selling up-to-date LinkedIn profiles, or if the data has been taken or aggregated from a previous breach suffered by LinkedIn or other companies.

A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called "More eggs." To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims' job titles taken from their LinkedIn profiles.

A threat group called Golden Chickens is delivering the fileless backdoor more eggs through a spear-phishing campaign targeting professionals on LinkedIn with fake job offers, according to researchers at eSentire. "Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more eggs."

LinkedIn is down for many users, including on the web and mobile, and we are not sure why. BleepingComputer has observed accessing LinkedIn shows obscure error messages to users around the world.

Phishers are trying to trick users into opening a "LinkedIn Private Shared Document" and entering their login credentials into a fake LinkedIn login page, security researcher JB Bowers warns. The phishing message is delivered via LinkedIn's internal messaging system and looks like it has been sent by one of the victim's contacts.

UPDATE. Link previews in popular chat apps on iOS and Android are a firehose of security and privacy issues, researchers have found. When a user sends a link through, it renders a short summary and a preview image in-line in the chat, so other users don't have to click the link to see what it points to.

A Russian hacker who was found guilty of hacking LinkedIn, Dropbox, and Formspring over eight years ago has finally been sentenced to 88 months in United States prison, that's more than seven years by a federal court in San Francisco this week. Yevgeniy Aleksandrovich Nikulin, 32, of Moscow hacked into servers belonging to three American social media firms, including LinkedIn, Dropbox, and now-defunct social-networking firm Formspring, and stole data on over 200 million users.

A Russian scumbag found guilty of hacking into LinkedIn, Dropbox, and Formspring - and stealing data on over 200 million users - has been sent down for more than seven years. Yevgeniy Nikulin was sentenced to 88 months in an American prison by a federal court in San Francisco this week though the judge in this case, William Alsup, was surprisingly kind about the 32-year-old Russian.

A Russian national was sentenced to 88 months in prison in the United States for hacking LinkedIn, Dropbox, and Formspring in 2012. The man, Yevgeniy Aleksandrovich Nikulin, who will turn 33 next month, was charged in 2016 for using stolen employee credentials to access without authorization the systems of LinkedIn, Dropbox and Formspring.