What happened
According to public breach records, the LinkedIn Scraped Data (2021) data breach on April 8, 2021 is reported to have exposed the personal information of 125,698,496 accounts.
During the first half of 2021, LinkedIn was targeted by attackers who scraped data from hundreds of millions of public profiles and later sold them online. Whilst the scraping did not constitute a data breach nor did it access any personal data not intended to be publicly accessible, the data was still monetised and later broadly circulated in hacking circles. The scraped data contains approximately 400M records with 125M unique email addresses, as well as names, geographic locations, genders and job titles. LinkedIn specifically addresses the incident in their post on An update on report of scraped data.
In mid-2021, datasets compiled from publicly viewable LinkedIn profiles were advertised for sale on hacker forums: a roughly 500-million-record set surfaced in April 2021, and a larger set covering an estimated 700 million users (about 90% of LinkedIn's user base) appeared around June 22, 2021 on RaidForums, with a one-million-record sample posted as proof. LinkedIn investigated and publicly stated this was "not a data breach" of its systems, saying the information "was scraped from LinkedIn and other various websites" via automated collection that violated its terms of service rather than any compromise of LinkedIn servers. The exposed records consisted of profile-style information — names, email addresses, geographic locations, job titles, genders, and links to other social media profiles — and, per the published sample, did not include passwords or financial data.
What data was exposed
The following types of personal data were compromised:
- Education levels
- Email addresses
- Genders
- Geographic locations
- Job titles
- Names
- Social media profiles
Breach details
| Detail | Value |
|---|---|
| Breach name | LinkedIn Scraped Data (2021) |
| Date | April 8, 2021 |
| Accounts affected | 125,698,496 |
| Domain | linkedin.com |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by LinkedIn Scraped Data (2021); it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- Be alert for targeted phishing and recruiter-impersonation messages, since names, email addresses, job titles and employers were exposed and make convincing lures; verify any sender that references your role or employer through a separate channel before clicking links.
- Enable two-factor authentication on your LinkedIn account and on any accounts tied to the exposed email address.
- Review and tighten your LinkedIn profile's public visibility settings to limit what automated scrapers can collect going forward.
- Watch for spam and social-engineering attempts on the other social media accounts linked in your profile, since those handles were part of the exposed data.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
- An update on report of scraped data — LinkedIn News
- LinkedIn denies exposure of 700 million user records is a data breach — Computer Weekly
- LinkedIn data theft exposes personal information of 700 million people — Fortune
Find out what data brokers know about you
Run a free scan to see which sites are exposing your personal information — name, phone, address, email, and more.
Start your free scan →