Vulnerability in Massive API Scraping: 2021 LinkedIn Data Breach | IEEE Conference Publication | IEEE Xplore

Abstract:

This paper analyzes the data breach of LinkedIn in the summer of 2021. An adversary utilized LinkedIn’s overly invasive API in order to scrape a massive amount of personal information data. Connecting this data with other API sources allowed the adversary to create a super-list of data that would be maliciously sold through the internet. The attack exposed 90% of users’ data in LinkedIn and forced the company to re-evaluate its API scheme. This huge amount of data containing personal information enabled other bad actors to launch social engineering attacks on targeted users. In addition to providing the detailed attack methodology, this paper inspects the impact of this breach and outlines possible defense strategies such as proper authentication and authorization, limiting the data scraping, and anomaly detection techniques.
Date of Conference: 15-17 December 2021
Date Added to IEEE Xplore: 22 June 2022
Conference Location: Las Vegas, NV, USA

I. Introduction

In this digital age, many websites provide Application Programming Interfaces (APIs) that allow developers and other sites to interact with the website and its services. The weather app that we use every day on our phones draws on a weather website’s API, and the booking website used to plan the next big vacation draws on a wide variety of APIs. So much of our lives is intertwined with APIs that they have become crucial for functioning. However, such benefits also come at great risk. With so many websites now using APIs, the door has been opened for malicious hackers to scrape and sell information about our very lives.
