LinkedIn Data Breach
700.0M records exposed • April 2021
Someone scraped 700 million LinkedIn profiles—basically everyone on the platform—and sold the data. LinkedIn says it wasn't a "breach" because the data was technically public. But when you put names, emails, phone numbers, and job titles together, it becomes a perfect list for scammers to target professionals with convincing phishing attacks.
What Happened
In 2021, data of 700 million LinkedIn users (92% of all users at the time) was scraped and posted for sale. While LinkedIn argues this was scraping of public data rather than a breach, the aggregated dataset included email addresses and phone numbers not publicly visible. The data enables highly targeted phishing and business email compromise attacks.
Attack method: API scraping and data aggregation
What Data Was Exposed
Email addresses, Full names, Phone numbers, Physical addresses, Geolocation records, LinkedIn usernames, Profile URLs, Professional experience, Connected social media accounts, Inferred salaries
What to Do If You're Affected
1. Assume your LinkedIn data is public and act accordingly
2. Enable two-factor authentication on LinkedIn
3. Review and minimize public profile information
4. Be extra vigilant about job offer and recruiter scams
5. Train employees on LinkedIn-based spear phishing
6. Use a secondary email for LinkedIn if possible
Lessons for Businesses
- Public data can still be valuable when aggregated at scale
- APIs need rate limiting and anti-scraping protections
- Professional networking data enables targeted attacks
- Companies may minimize incidents by calling them "scraping" not "breaches"