In April 2022, LinkedIn disclosed that account information from approximately 700 million user accounts had been posted for sale on a popular hacker forum. This represents the majority of LinkedIn’s user base, making it one of the largest data breaches ever reported.
What was exposed in the LinkedIn data breach?
The posted data contained information scraped from public LinkedIn profiles, including:
- Full names
- Email addresses
- Phone numbers
- Physical addresses
- Geolocation data
- LinkedIn profile information (work experience, education, skills, etc.)
LinkedIn stated that no private account information was exposed. Financial information, messages, or social connections were not included in the breach.
How many LinkedIn users were affected?
LinkedIn has over 740 million members worldwide. The company confirmed that data from nearly 700 million accounts was posted for sale online. This represents about 92-95% of LinkedIn’s user base.
LinkedIn stressed that not every account had all of the above information exposed. The amount of data leaked varied per user, but nearly all users had some information compromised.
Metric | Figure |
---|---|
Total LinkedIn Users | 740 million |
Accounts exposed in breach | 700 million |
Percentage of users affected | 92-95% |
What locations were affected?
LinkedIn has an international presence, with users spanning over 200 countries. While specific location data was not provided, LinkedIn confirmed that the breach impacted global users, not just those in a certain geography.
The most affected countries were likely those with the largest number of LinkedIn members, including:
- United States: 172 million
- India: 76 million
- China: 55 million
- United Kingdom: 33 million
- Brazil: 29 million
What types of users were impacted?
All types of LinkedIn members were likely affected. This includes:
- Individual users
- Small business owners
- Corporate employees
- Executives and management
- Students and academics
- Influencers, thought leaders, and journalists
Essentially, any LinkedIn member with a public presence on the platform was exposed in this breach.
What industries were most affected?
LinkedIn has a presence across every major industry. The top industries on LinkedIn include:
Industry | LinkedIn Members |
---|---|
IT and Services | 97 million |
Financial Services | 45 million |
Manufacturing | 33 million |
Corporate Services | 28 million |
Education | 25 million |
Workers across all of these top industries likely had their information exposed. The IT industry may have been the most heavily impacted given its size on LinkedIn.
How did the breach occur?
LinkedIn stated that the data was scraped, or extracted, from public LinkedIn profiles by an unauthorized third party. Scraping involves using automated software to harvest information from public webpages.
Scraping is against LinkedIn’s terms of service. However, the party responsible was still able to gather profile data on a massive scale before being detected.
How did LinkedIn handle the breach?
LinkedIn sent notification emails to impacted members urging them to reset passwords and enable two-factor authentication for enhanced security. They also stated they do not believe any private account information was exposed.
Beyond these notifications, LinkedIn faced scrutiny over the lack of transparency around their security practices and ability to prevent scraping.
Some critics said that LinkedIn’s public-by-default, opt-out approach to profile visibility facilitates scraping. Others questioned whether LinkedIn is taking sufficient cybersecurity measures given the sensitivity of profile data.
What risks does this breach pose?
The exposure of personal information like emails, phone numbers, and addresses raises the risk of phishing attacks. Hackers could use these details for targeted social engineering scams.
Profile information could also be used to craft persuasive spear phishing messages impersonating colleagues and connections.
Furthermore, the aggregation of professional and personal details in one place provides valuable data for credential stuffing, identity theft, and fraud.
How can users protect themselves?
There are a few steps LinkedIn users can take to enhance security following this breach:
- Reset LinkedIn password and enable two-factor authentication.
- Be wary of unsolicited emails asking you to share personal information.
- Avoid clicking links or opening attachments in suspicious emails.
- Watch out for spoofed emails impersonating LinkedIn or known contacts.
- Be alert to signs of phishing websites masked as LinkedIn login pages.
- Consider updating passwords on other accounts if you reuse the same password.
Could this breach have been prevented?
Security experts argue that LinkedIn could have taken further steps to prevent scraping and make user data more private by default. Suggestions include:
- Implementing stronger technical protections against mass automation tools.
- Requiring users to opt-in to make profiles public, rather than opt-out.
- Restricting public access to certain profile fields like email and phone number.
- Monitoring for suspicious scraping activity at a larger scale.
Ultimately, however, the party that scraped and sold the user data bears responsibility for this breach.
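Monitoring for scraping at scale comes down to spotting clients that enumerate many distinct public profiles in a short window, which is what the last suggestion above asks for. The following example is added here as an illustration and is not LinkedIn’s code: it runs a sliding-window check over constructed access-log lines in an assumed format, and the `/in/<slug>` profile-path pattern and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample web-server log (hypothetical format, not real LinkedIn
# data): "<client_ip> [<ISO timestamp>] GET <path> <status>".
SAMPLE_LOG = """\
203.0.113.10 [2022-04-01T10:00:00] GET /in/profile-a 200
203.0.113.10 [2022-04-01T10:00:02] GET /in/profile-b 200
203.0.113.10 [2022-04-01T10:00:04] GET /in/profile-c 200
203.0.113.10 [2022-04-01T10:00:06] GET /in/profile-d 200
203.0.113.10 [2022-04-01T10:00:08] GET /in/profile-e 200
203.0.113.10 [2022-04-01T10:00:10] GET /in/profile-f 200
198.51.100.7 [2022-04-01T10:00:00] GET /feed/ 200
198.51.100.7 [2022-04-01T10:03:00] GET /in/profile-a 200
198.51.100.7 [2022-04-01T10:09:00] GET /in/profile-g 200
192.0.2.44 [2022-04-01T10:01:00] GET /in/profile-a 200
192.0.2.44 [2022-04-01T10:01:05] GET /in/profile-a 200
"""

LINE_RE = re.compile(r"^(\S+) \[([^\]]+)\] GET (\S+) (\d{3})$")
PROFILE_RE = re.compile(r"^/in/[^/?#]+")  # assumed public-profile URL pattern


def parse_log(text):
    """Yield (ip, timestamp, path) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ip, ts, path, _status = m.groups()
            yield ip, datetime.fromisoformat(ts), path


def find_scrapers(text, window=timedelta(seconds=60), max_profiles=5):
    """Return {ip: n} for clients that fetched more than max_profiles distinct
    profile pages inside any sliding window of length `window`; n is the largest
    distinct count seen. Reloading the same profile does not count."""
    hits = defaultdict(list)
    for ip, ts, path in parse_log(text):
        if PROFILE_RE.match(path):
            hits[ip].append((ts, path))
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            distinct = {p for t, p in events[i:] if t - start <= window}
            if len(distinct) > max_profiles:
                flagged[ip] = max(flagged.get(ip, 0), len(distinct))
    return flagged
```

On the constructed log, `find_scrapers(SAMPLE_LOG)` flags only the enumerating client, returning `{'203.0.113.10': 6}`; the ordinary browser and the client refreshing one profile stay under the threshold.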
Conclusion
In summary, the LinkedIn data breach exposed personal information from approximately 700 million user accounts. This includes email addresses, phone numbers, and other public profile data. All types of users across industries and geographies were likely impacted. While no private account details were compromised, the breach still poses significant phishing, identity theft, and fraud risks. It also casts doubt on LinkedIn’s cybersecurity and ability to protect user data from misuse. By enhancing security features and being more prudent with default user privacy settings, LinkedIn could potentially have prevented or limited this breach.