The Office of Cybersecurity learned this week that more than 500 million LinkedIn profiles have been recently scraped (The process of obtaining lists of email addresses and other public information from websites. Typically sold for bulk email or spam). The scraped information has been put up for sale, including a number of accounts with @wisc.edu email addresses.
The LinkedIn data that has allegedly been taken includes: full names, email addresses, phone numbers, workplace information and more.
An update on the report of scraped data from LinkedIn site states: “This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.”
To see if your account was exposed in this data leak or other security breaches, use this tool: https://haveibeenpwned.com/. This link allows you to search across multiple data breaches to see if your email address or phone number has been compromised.
As a precaution, we urge everyone with a LinkedIn account to closely monitor their account and enable two-step verification as shown in these LinkedIn Help instructions.
This security event reminds us of why we should limit exposure of personal information on social media sites and shouldn’t reuse passwords on multiple sites. It’s very easy for criminals to use the data they stole to run your username and passwords against millions of sites. If they can obtain access to your associated accounts, there’s a chance they could steal your identity.
Protect Yourself: Use A Password Manager
You can help prevent your personal account from becoming vulnerable to this type of attack and reduce your exposure by using a password manager. A password manager eliminates the need for you to remember multiple usernames and unique passwords.
If you do not currently use a password manager, UW–Madison provides LastPass Password Manager for free. Get more information at End Your Password Struggles With LastPass Enterprise (Source: it.wisc.edu).
—Bob Turner, Chief Information Security Officer and Director, Office of Cybersecurity