Users of the business and employment-oriented online service LinkedIn should be aware that the personal profiles of up to 1 billion users have been made available on the underground online market place, also referred to as the dark web.
The database includes full names, email addresses, workplace information, and other data points the account owners publicly listed on their LinkedIn profiles.
While not highly sensitive, the data could still be used by cyber criminals to stage attacks against users and business organizations who they see as affluent and potentially vulnerable to phishing and ransomware attacks.
Cyber criminals can use the data obtained from LinkedIn to conduct social engineering exploits against users. Social engineering is the art of manipulating, influencing, or deceiving people in order to gain access to a computer system or online accounts. A criminal might use the phone, email, snail mail, or direct contact to gain access.
The LinkedIn account hack will likely lead to an uptick in spam email, both in your personal and UT System email accounts. If you receive a work email from an unrecognized sender or if the email looks suspicious, use the Phish Alert button to report it to UT System's information security analysts.
If you currently have a LinkedIn account, you should take the following precautions:
- Change your LinkedIn account password and make sure that it is not a password used for any other online accounts.
- Be cautious of anyone sending you messages via LinkedIn, especially messages that contain links to external websites.
- Be suspicious of any new connection requests. If you are not familiar with the person or the company they work for, or if you do not have any common connections, consider declining the request.
- If you receive an email purporting to come from LinkedIn, do not click on the links. Instead, login to LinkedIn directly from your web browser to access your messages.
For more information on phishing, social engineering, and other cyber security topics, see the ISO SharePoint site.