Expert comment on Linkedin investigation by Italian watchdog
April 2021 by Paul Prudhomme, Head of Threat Intelligence Advisory at IntSights
The comment by Paul Prudhomme, Head of Threat Intelligence Advisory at IntSights on the Linkedin being investigated by the Italian watchdog after the data of 500 million users had been found for sale online:
“The severity of this incident lies not so much in the data points themselves but in their potential use in attacks on enterprises via their employees, as well as the sheer volume of data. Most of the data points in this leak, such as email addresses or phone numbers, are less sensitive in and of themselves, compared to other data points like passwords, dates of birth, and Social Security numbers. Attackers could, however, use these details for reconnaissance or in spam, phishing, or other social engineering attacks on LinkedIn users. The ultimate goal of many such attacks would probably be to gain access to enterprise networks themselves via compromises of their employees’ accounts or devices. Such attacks may be more likely to succeed due to the rise of remote work and the increased use of home or personal devices for work due to the COVID-19 pandemic. Attacking companies via their employees’ personal accounts and devices is one way for attackers to work around enterprise network security defences.”