What is the LinkedIn data breach and how can I protect myself?

For many of us, LinkedIn can be a useful platform for finding a job, networking, or learning career skills. Since the site works as our online CV, we are required to share personal information including our names, email address, current/ previous jobs, and where we went to school. But what if this data was leaked? 

Last month, a security breach exposed the personal data of 700 million LinkedIn users – this is over 90% of the site’s total. The data was put up for sale on an online hacking forum, with some reportedly requesting $5,000 for completed datasets.  

In an official statement, LinkedIn said that “this is not a data breach and no private LinkedIn member data was exposed”. Following an investigation, the company concluded that its systems were not compromised but the data was “scraped from LinkedIn and other various websites”. 

However, according to the researchers, whilst the exposed data did not include login details or financial information, it did include: 

  • Full names 
  • Email addresses 
  • Phone numbers 
  • Employment information 
  • Geolocation records 
  • LinkedIn usernames and profile URLs 
  • Other social media accounts and usernames 

The user advertising the data online reportedly claimed it was obtained by exploiting LinkedIn’s application program interface (API) and harvesting personal information uploaded by users to the site. The same method was used within another breach on the site in April this year, where the information of 500 million users was sold online in a similar attack. 

This places users at risk of identity theft, phishing attempts, or even hackers using details to create full profiles of those affected. 

So what does this mean for LinkedIn users, and how can they protect their privacy online? 

How can I protect myself? 

If you’re a LinkedIn user and you’re worried about your data being breached, there are a couple of steps you can take to keep your information safe: 

  • Turn on Two-Step Verification. If your account is logged into from an unrecognisable device, LinkedIn will automatically send an SMS containing a verification code. This will stop a hacker from changing or accessing your account from unfamiliar locations. 
  • Make your passwords difficult to guess. For example, avoid putting ‘12345’ or using personal details, and try to include a special character. 
  • Check your privacy settings. You might not have considered that whoever you connect with can access your personal information, including your activity feed, phone number or email address. Check if there’s anything you’re sharing you’d like to make private. 

Interested in finding out more about how to protect yourself from getting hacked? Check out some of our other posts: