GDI Foundation, where the security researcher is from, is a nonprofit organization with a mission to “defend the free and open Internet by trying to make it safer.” The researcher, Sanyam Jain, contacted Bleeding Computer when he noticed “something strange.” He was seeing unsecured databases containing the LinkedIn data “appearing and disappearing from the Internet under different IP addresses.”
While the majority of the LinkedIn data was reportedly public, some of the data contained email addresses.
“According to my analysis, the data has been removed every day and loaded on another IP. After some time the database becomes either inaccessible or I can no longer connect to the particular IP, which makes me think it was secured. It is very strange,” Jain told Bleeding Computer. The total size of all of the databases was 229 GB, with each database ranging between 25 GB to 32 GB.
As an experiment, Bleeding Computer editor Lawrence Abrams asked Jain to pull his record from one of the databases and review it. According to the article, Abrams found the data contained in the record included “his LinkedIn profile information, including IDs, profile URLs, work history, education history, location, listed skills, other social profiles, and the last time the profile was updated.”
The email address Abrams used when he registered his LinkedIn account was also included. The editor doesn’t know how the information got onto this database as he “always had the LinkedIn privacy setting configured to not publicly display his email address.”
Each profile also contains what appears to be internal values that describe the type of LinkedIn subscription the user has and whether they utilize a particular email provider, according to Bleeding Computer. These values were labeled “isProfessional,” “isPersonal,” “isGmail,” “isHotmail” and “isOutlook.”
Bleeding Computer contacted Amazon, who was hosting the databases, and as of April 15, 2019, the databases were secured and were no longer accessible via the internet.
LinkedIn’s Paul Rockwell, head of trust and safety, told the website: “We are aware of claims of a scraped LinkedIn database. Our investigation indicates that a third-party company exposed a set of data aggregated from LinkedIn public profiles, as well as other, non-LinkedIn sources. We have no indication that LinkedIn has been breached.”
LinkedIn also told the outlet that in some cases an email address could be public and provided a link to a privacy page that allows users to configure who can see a profile’s email address.