The security team at LinkedIn doesn’t get much rest lately. In April, 500 million of its user’s data was exposed by hackers, and the same data collection technique was apparently used by a dark web user called TomLiner, who is currently selling 700 million LinkedIn user records (92% of all LinkedIn users) in a convenient bundle for just $5,000.

The data collection technique in question is called scraping, which is the act of extracting useful information from a website. Since any public website can be scraped using readily available tools, it wouldn’t be correct to call this incident a breach, as LinkedIn quickly pointed out.

“While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources,” said Leonna Spilman, Corporate Communications Manager at LinkedIn. “This was not a LinkedIn data breach, and our investigation has determined that no private LinkedIn member data was exposed.”

So, what data has been exposed? Fortunately, no passwords or dates of birth. Here’s what a sample of one million records published by the scrapper contains:

• Email addresses
• Full names
• Phone numbers
• Physical addresses
• Geolocation records
• LinkedIn username and profile URL
• Personal and professional experience/background
• Genders
• Other social media accounts and usernames

Who would pay $5,000 for this information, you wonder? Spammers, phishers, and other cybercriminals are definitely the target audience here.

Also Read: Is Your Phone Hacked? How To Find Out & Protect Yourself

Having all this information in one place makes it much easier for them to create detailed profiles of their potential victims and launch sophisticated targeted attacks against them. Sure, they could simply scape it by themselves using LinkedIn’s own API (application program interface) just like the seller did, but cybercrime can be so profitable that their time is often more valuable.

If you have a LinkedIn account, then you should assume that your personal information is included in the dataset and act accordingly. More specifically, you should enable multi-factor authentication (MFA) and avoid replying to email messages from unknown senders, let alone opening any attachments they may contain.