Sometimes what looks like a major data breach isn't the kind of issue that it seems. When RestorePrivacy reported that about 700 million records had been stolen from the social networking company LinkedIn, the threat seemed like it could be a major issue for consumers around the world. Since then, the company has categorically denied that a cyberattack occurred at all and instead claimed the attack is a far less serious scraping issue.
No sensitive data stolen
Rather than the sort of data that would be purloined during a true cyberattack, LinkedIn instead says that all of the information in question was publicly available on user profiles, such as names, LinkedIn usernames, phone numbers and, in some cases, geolocation data, according to The Economic Times.
"We want to be clear that this is not a data breach and no private LinkedIn member data was exposed … Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update."
While the social networking company maintained that the impact of the scraping attack was far less significant than the RestorePrivacy report had insinuated, it still acknowledged such issues were concerning.
"Any misuse of our members' data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven't agreed to, we work to stop them and hold them accountable," the statement read.
Potential future phishing attacks
To understand why LinkedIn has been able to deny the importance of this attack, it's important to know the difference between scraping and a legitimate cyberattack. While a cyberattack involves a hacker actually sidestepping a company's security system to infiltrate private data, a scraping attack utilizes consumer data that's already publicly available.
Scraping attacks don't impact any of the most sensitive personally identifiable information that a company may have, such as passwords, or payment information like credit card numbers. Nevertheless, the information gained could be used in targeted phishing attacks down the road. Cybercriminals use this public data to more effectively impersonate a company and trick victims into entering more sensitive PII.
Scraping is an especially common problem for social networking companies like LinkedIn, whose products typically require users to make a certain level of personal information public on their accounts. Facebook, for example, faced a similar issue earlier this year when news came out that the company had failed to disclose a scraping attack from 2019.
Cybersecurity capabilities you can trust
Each day, companies like LinkedIn and Facebook must deal with protecting the data of users, not just from scraping but also from more nefarious attacks that could expose massive amounts of sensitive information. Even if you're not working with consumer data at the same kind of scale, keeping all of your data safe is still essential. One of the easiest and most important ways to shore up your network is by ensuring all of your applications are protected by modern, secure identity frameworks. This can include multi-factor authentication, and some vendors are even moving to integrate biometric recognition technologies such as fingerprint readers.