in

Some User Data Scraped and Posted for Sale: LinkedIn

Platform denies breach, says key info may have been ‘scraped’ from site

Some User Data Scraped and Posted for Sale LinkedIn

Close on the heels of a data hack at Facebook and MobiKwik, LinkedIn faced a massive breach wherein details of over 500 million users have been scraped from the platform and posted online for sale on a popular hacker forum.

The dataset includes sensitive information such as email addresses, phone numbers, workplace details, full names, gender, account IDs, and links to users’ other social media accounts.

While the Microsoft-owned professional networking platform said there was no data breach, it acknowledged that the data available include publicly viewable member profiles “that appear to have been scraped from LinkedIn.”

“We have investigated an alleged set of LinkedIn data that have been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies. It does include publicly viewable member profile data that appear to have been scraped from LinkedIn,” LinkedIn said in a statement

But experts said that the recent spate of massive data breaches at LinkedIn, Facebook, and MobiKwik is a glaring reminder of how companies should be mandated to immediately inform both the regulators and their users of the leak to ensure users are protected from harm, apart from highlighting the need for a data protection law in India. There is also a need for a substantial data breach reporting requirement in the data protection law, as well as an updated strategy on national cybersecurity, experts said.

None of the companies informed users of the breach.

“Companies are under an obligation — or more generally under data protection (laws) that in practice globally — and also in terms of the human rights impact of their business operations, to let users know when incidents occur that have an impact on their sensitive information and personal data,” Raman Jit Singh Chima, Asia Policy Director and Senior International Counsel at Access Now, told BusinessLine.

“The alarming aspect is not only the fact that the frequency and intensity of such breaches are increasing but also the fact that the entities concerned are obviating reporting such events to the end users as well as the regulators,” said Alok Shende, MD, Ascentius Consulting.

Prasanth Sugathan, legal director, SFLC.in, said that with the user base for online platforms increasing, “we are bound to see more breaches and security incidents. Companies need to up their game and make the platforms secure. Governments should, on the other hand, ensure that the privacy rights of users are protected. The regulatory framework should provide protection for users and minimise chances of harm from such breaches.”

While countries such as Italy have started an investigation into the Linkedin data breach, Delhi is yet to act on this and data breaches at other tech firms.

What do you think?

12321 points
Upvote Downvote

Written by Ritik Gupta

His name is Ritik Gupta; currently pursuing law. He has always kept pride as his everything. He deems writing as not like any other hobby but a reflection of one’s intellectuality. He likes to research on the parasitic problems and then lay them down in such a means that can be of assistance to the society. He just not studies law but treats it a controversial weapon to defeat the wrong.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Loading…

0
Securities and Exchange Board of India (SEBI) imposes penalty of Rs 25 crore on Ambani family

Securities and Exchange Board of India (SEBI) imposes penalty of Rs 25 crore on Ambani family

Westlife Development Ltd., which operates McDonald’s, starts 247 contactless delivery in Mumbai

Westlife Development Ltd., which operates McDonald’s, starts 24/7 contactless delivery in Mumbai