Back to blog
Cyber SecurityBusiness Operations

LinkedIn Data Leak: Why It Matters

1 July 2021Kieran Turnbull1 min read

A malicious actor scraped data from 700 million LinkedIn users and advertised it for sale online. The leaked dataset includes information from LinkedIn and potentially supplemented data from other sources.

What was leaked?

The exposed data includes:

  • Email addresses
  • Full names
  • Phone numbers
  • Physical addresses
  • Geolocation records
  • LinkedIn usernames and profile URLs
  • Professional and personal background information
  • Gender information
  • Other social media usernames

Why this matters

While LinkedIn profiles are largely public, many users restrict visibility to direct connections or their network. This breach exposed all public information regardless of privacy settings, plus sensitive personal data like phone numbers and precise location information.

The exposure creates opportunities for targeted attacks against employees. Since most LinkedIn users publicly list their employer, attackers can likely deduce business email formats (firstname.lastname@companyname), giving them access to approximately 700 million active corporate email addresses.

Business risks

Organisations should expect increased spam and phishing attempts. The greater concern involves spear phishing: targeted attacks using personal details from the leaked data to craft convincing deception.

Attackers could impersonate executives to manipulate employees into unauthorised payments or access sensitive systems. The combination of professional history and technology information creates opportunities for sophisticated social engineering campaigns.

Protective measures

Technology solutions

  • Email security gateways for spam and malware filtering
  • Multi-factor authentication (MFA) to prevent credential misuse
  • Antivirus solutions on all business devices
  • Robust backup and disaster recovery plans against ransomware

Organisational practices

  • Define clear payment authorisation procedures requiring voice confirmation
  • Implement cyber insurance coverage
  • Provide security awareness training for staff

A layered defence combining technology, processes, and employee education provides the strongest protection.