LinkedIn on Tuesday issued a clarification after reports indicated that the company had suffered a second major data breach this year. Countering the claims, the company said that no private LinkedIn member data had been exposed. Counter-reports however continue to make the rounds, fuelled by posts on hacker forums that have posted ads for the data over the last few days.
"Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach and no private LinkedIn member data was exposed," a statement uploaded on LinkedIn's website said.
The purported data breach is said to have affected more than 92% of LinkedIn users. As per a RestorePrivacy report, a user on a popular hacker forum had advertised the sale of data from 700 million users on June 22. The user posted a sample which included details such as email address, full name, phone number, address and geolocation for one million LinkedIn users.
The publication which reached out to the seller, adds that the sample data does seem to be updated and authentic. The user in question claims that the data was obtained by exploiting the LinkedIn API to harvest uploaded information. The data did not include any financial details.
LinkedIn however had an explanation for the seeming authenticity of the data. "Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update," it explained.
This is LinkedIn's second data breach controversy of the year. Earlier, in April 2021, the data of around 500 million users had been stolen from the platform. At that time, the company had said that the information included publicly viewable profile data.