By Oded Vanunu, Head of Products Vulnerability at Check Point Research
Back in April of this year, a data leak was reported at LinkedIn, with the information of 500 million members being put up for sale. Now this figure must be corrected: according to media reports, the data sets of 700 million LinkedIn users have appeared in a hacker forum; the platform currently has about 756 million participants. Among the stolen details about the people are their names, email addresses, phone numbers, and addresses. However, credit card data is reportedly not included. Whether the data came from the 2016 data leak or from another attack is unknown.
Oded Vanunu, Head of Products Vulnerabilities Research at Check Point Software
However, we can say this: the case is similar to our research on the popular mobile phone app TikTok. There we were able to read the TikTok API, i.e. the interface, and build a database with information about the users. With regard to LinkedIn, it appears that the hackers also obtained the data via the LinkedIn API, which they may have cracked. Both incidents underscore that API security is very important and should be taken seriously when entrepreneurs set up their applications and IT infrastructure.
Applications running in the cloud are mainly built around a so-called core application logic, which is connected to many APIs that supply the application's data. If these APIs remain unsecured, they are at risk of attack, especially if there are vulnerabilities in the API code or if unlimited API calls can be made. Something like this can lead to a big data leak, as we reported regarding TikTok and are seeing again in this LinkedIn case.