Not a leak, but a drain

The main question was whether this array was the result of leaks from the databases of the LinkedIn network itself, or whether the information was collected from open sources using technical means – i.e. scraper bots.

Representatives of LinkedIn, for their part, categorically rejected suggestions of a data leak.

“We are not talking about a leak from LinkedIn databases, and in the information that we were able to study, there was no private data from LinkedIn accounts. Any incorrect use of our users’ data, including through scraping, violates the LinkedIn terms of use. When someone tries to use the data of network users for purposes that neither we nor our users approve of, we do everything to stop it and punish the perpetrators,” the social network administration said in a statement.

The media, which were able to access a sample collection of data from LinkedIn, confirm that we are not talking about a leak: it’s just publicly available data collected in one place. Many news agencies, however, presented the information as if it were about merged LinkedIn databases. Which is not true.

Exactly the same “leak” occurred with Clubhouse: the data of 1.3 million users of the resource were collected in one array, but there is nothing private in this information.

“There is only one way to protect yourself from scrapers – to publish only the most necessary minimum of information about yourself,– says Mikhail Zaitsev, an information security expert at SEC Consult Services. – The less information is publicly available, the less likely it is that someone will try to use it against you. In general, in such cases, it is important to call a spade a spade: compilation of data from open sources, on the one hand, cannot be considered identical to a leak simply because of how and from where this data was collected. It’s not LinkedIn’s fault.”

The expert also noted that LinkedIn users should still take the same preventive and protective measures as in case of a real leak: change passwords, implement two-factor authorization and do everything to insure against phishing attempts.