Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label profile. Show all posts
profile
Data Breach Data Leak database Linkedin Personal Data profile

LinkedIn Profile Data Among Billions of Records Found in Exposed Online Database

 



Cybersecurity researchers recently identified a massive online database that was left publicly accessible without any security protections, exposing a vast collection of professional and personal information. The database contained more than 16 terabytes of data, representing over 4.3 billion individual records that could be accessed without authorization.

Researchers associated with Cybernews reported that the exposed dataset is among the largest lead-generation style databases ever discovered online. The information appears to be compiled from publicly available professional profiles, including data commonly found on LinkedIn, such as profile handles, URLs, and employment-related details.

The exposed records included extensive personal and professional information. This ranged from full names, job titles, employer names, and work histories to education records, degrees, certifications, skills, languages, and location data. In some cases, the datasets also contained phone numbers, email addresses, social media links, and profile images. Additional information related to corporate relationships and contract-linked data was also present, suggesting the dataset was built for commercial or business intelligence purposes.

Investigators believe the data was collected gradually over several years and across different geographic regions. The database was stored in a MongoDB instance, a system commonly used by organizations to manage large volumes of information efficiently. While MongoDB itself is widely used, leaving such databases unsecured can expose sensitive information at scale, which is what occurred in this incident.

The exposed database was discovered on November 23 and secured approximately two days later. However, researchers were unable to determine how long the data had been accessible before it was identified. The exposure is believed to have resulted from misconfiguration or human error rather than a deliberate cyberattack, a common issue in cloud-based data storage environments.

Researchers noted that the database was highly organized and structured, indicating the information was intentionally collected and maintained. Based on its format, the data also appears to be relatively current and accurate.

Such large datasets are particularly attractive to cybercriminals. When combined with automated tools or large language models, this information can be used to conduct large-scale phishing campaigns, generate fraudulent emails, or carry out targeted social engineering attacks against individuals and corporate employees.

Security experts recommend that individuals take precautionary measures following incidents like this. This includes updating passwords for professional networking accounts such as LinkedIn, email services, and any connected financial accounts. Users should also remain cautious of unexpected emails, messages, or phone calls that attempt to pressure them into sharing personal information or clicking unknown links.

Although collecting publicly available data is not illegal in many jurisdictions, failing to properly secure a database of this size may carry legal and regulatory consequences. At present, the ownership and purpose of the database remain unclear. Further updates are expected if more information becomes available or accountability is established.

Read more »
Subscribe to: Comments (Atom)