Hong Kong’s privacy watchdog checking whether city residents’ LinkedIn data exposed
- Names, emails, phone numbers and workplace details that reportedly belong to 500 million users being offered for sale on hacking forum
- Privacy commissioner has asked the US-based company for clarification on whether any residents are affected in the second major data incident this week
Hong Kong’s privacy watchdog has sought clarification from career networking site LinkedIn over residents’ possible exposure from a reported extraction of personal data involving 500 million users worldwide.
Privacy Commissioner for Personal Data Ada Chung Lai-ling said on Thursday her office had contacted the US-based company, which indicated it was investigating the matter.
The watchdog acted after online publication CyberNews reported that the information of roughly 500 million LinkedIn users was being offered for sale on a popular hacking forum.
CyberNews said four files were being offered containing users’ full names, email addresses, phone numbers and workplace details, among other information.
In a reply to the Post, LinkedIn said: “While we’re still investigating this issue, the posted data set appears to include publicly viewable information that was scraped from LinkedIn combined with data aggregated from other websites or companies. Scraping our members’ data from LinkedIn violates our terms of service and we are constantly working to protect our members and their data.”
Web scraping involves the extraction or harvesting of data already publicly available on a website. The move can be carried out manually by a user or through automated processes such as bots.
A day earlier, the privacy commissioner said her office was aware of the media reports and was “trying to contact the LinkedIn Hong Kong office to seek clarification, in particular, to ascertain if any Hong Kong users were affected”.
The watchdog had not received any inquiries or complaints relating to the case, she added.
News of the data extraction came hot on the heels of a similar incident involving the personal details of 500 million users on social media platform Facebook that took place two years ago, but which only came to light over the weekend.
The privacy commission asked Facebook’s local office to notify its 3 million Hong Kong users about the stolen information as soon as possible. The watchdog said victims could still be using the same phone numbers and email addresses from two years ago.
Francis Fong Po-kiu, honorary president of the Hong Kong Information Technology Federation, said internet scrapers were using non-hi-tech software to extract publicly viewable personal data for their own purposes, such as data peddling. Some social media companies might not consider scrapping to be a leak or security issue.
He reminded social media users to be careful about what information they made public online, while the firms should also educate users.