Data scraped from the LinkedIn profiles of nearly 700 million people, or more than 90% of LinkedIn's total membership, is being offered for sale on an online cybercrime marketplace.
The data includes full name, work email address, date of birth, work address, cell phone number, Facebook and Twitter IDs and links, job title, local location, and in some cases specific GPS coordinates, all of which appear to be publicly accessible from users' LinkedIn profile pages.
Those who provide all this information on their LinkedIn page may receive more spam, become targets of phishing attempts, and possibly increase their risk of identity theft.
More significantly, many of the entries contain very specific GPS coordinates, which could reveal where LinkedIn users live.
The solution, as always, is to give LinkedIn as little information about yourself as possible, and to prevent LinkedIn apps, or any social media apps, from accessing your phone's GPS data.
Providing the minimum information necessary to maintain a LinkedIn account, or indeed any social media account, will keep you from getting caught in the next data scraping.
Also, be sure to go into your phone settings and deny social media apps access to your GPS coordinates.
In Android, go to Settings > Apps and Notifications > App Permissions > Location to determine which apps will always, only occasionally, or never access your location. Location Services" to do the same.
However, quite a few entries contained specific geographic coordinates, certainly more than provided an email address or phone number.
These users were using LinkedIn's mobile app and may not have known that the app may have acquired GPS data at that moment and uploaded it to LinkedIn's servers.
The geographic coordinates were fairly easy to convert to locations on the map by copying and pasting the coordinates into Google. We found locations in New York and Brazil, on roadsides in rural France, and in various cities in India.
More alarmingly, we found coordinates zeroed in on specific addresses in a suburb of Boston and a small town in Wisconsin. Google Street View identified individual homes and displayed their complete addresses. Each of these listings was given a name.
This is pretty serious. This means that you or I could have driven to these homes, knocked on the doors, and asked for the names of the occupants.
If someone whose home address could be identified with this data also happened to provide a date of birth and the required full name, an identity thief might try to use these three pieces of information to fraudulently open an account in that person's name.
Tom's Guide looked at the smallest sample of scraped LinkedIn data, the only sample size that did not require registration with a dubious website.
We found that while all 443 entries provided in the sample included the LinkedIn user's full name and LinkedIn ID, URL, and username, most users voluntarily provided nothing more than a general geographic location, i.e., country, city, state. We found that none of them
Most users only told LinkedIn the bare minimum necessary to maintain their account. Only about 75% of users in our data sample included their work email address.
Personal email addresses were not asked for. Very few people provided a cell phone number, and only one was found in the first 100 cases.
This incident comes just a few months after another incident in which data collected from 500 million user profiles on LinkedIn was posted.
"We cannot confirm whether the records are cumulative of data from previous breaches or public profiles, or whether the information is from private accounts," said Privacy Sharks, the website that analyzed the new data samples.
"We are not able to verify whether the data is from a private account."
"Given that there are 200 million new records available, it is likely that new data was scraped."
The person selling the data goes by the name TomLiner and posted the sales notice on the publicly available Raid Forums website on June 22. He or she offers samples of various sizes, ranging from one million records to just a few hundred records.
Another website that analyzed the sample, Restore Privacy, told us that TomLiner stated he used LinkedIn's proprietary API, or application program interface (a tool that allows computers to quickly interface with a website's server), to scrape the data.
LinkedIn's own website declares that it has 756 million users. If this stolen data really corresponds to 700 million users, it represents about 92.5% of LinkedIn's total users. If you have a LinkedIn account, your data is probably part of this.
In other words, this is not strictly a data breach, just as the scraping of 500 million LinkedIn profiles a few months ago did not involve hacking.
Then, as now, LinkedIn disclaimed liability in a statement to Privacy Sharks, saying, "This was not a LinkedIn data breach, and our investigation has determined that no data of individual LinkedIn members was compromised."
Nor is it as bad as the 2012 LinkedIn data breach that exposed the personal information of some 117 million LinkedIn users, including personal email addresses and unencrypted passwords. Even Facebook founder Mark Zuckerberg had his email address and password leaked in that incident.
Still, it will be small comfort to those who trusted LinkedIn's data protection. As privacy expert Melanie Ensign noted in a recent opinion piece in Tom's Guide, "The information that companies force users to share in their public profiles can do a lot of harm."
"Whether the data is stolen, leaked, or scraped, the result for consumers is the same," Ensign added. "Their privacy has been violated by a company they thought they could trust."