Cybernews has discovered an unprotected 16TB database containing 4.3 billion lead-generation records. The data included professional and corporate intelligence data, such as LinkedIn URLs. The leak has now been closed, but it is unclear how long the data was exposed.
Cybernews key findings:
- Nine collections of data were uncovered inside the leaked dataset, containing a total of 4.3 billion records.
- At least three collections included personally identifiable information (PII), such as full names, emails, phone numbers, LinkedIn data, location, and social media accounts.
- The leak most likely stemmed from a common mistake where databases are left exposed without proper authentication due to human error.
- The data may have been collected within the last two years, spanning multiple regions worldwide.
What did the LinkedIn data contain?
The database exposed deeply detailed LinkedIn-derived profiles, contact information, corporate relationships, and employment histories. Time stamps indicate the data includes 2025 and earlier records.
- Full names
- Emails and phone numbers
- LinkedIn URLs and profile handles
- Position titles, employers, and employment histories
- Education, degrees, certifications
- Location data
- Languages, skills, functions
- Social media accounts
- Image URLs (unique_profiles)
- Email confidence scoring (people)
- “Apollo ID”
Was LinkedIn hacked?
Likely not. Cybernews reports that there are indications that the data may have come from a lead-generation company. The question is how that company got LinkedIn data.
Why is this dangerous?
Cybercriminals can exploit large and unprotected databases to create a gold mine. For example, attackers can use the data to carry out targeted phishing attacks. Malicious actors can cherry-pick CEOs from the dataset for CEO fraud attacks, when a head of the company is impersonated to trick employees into transferring funds.
Another exploitation is corporate reconnaissance, where humongous amounts of personal employee information are used to identify vulnerabilities that allow them to penetrate company systems.
Attackers often target major corporations as their data is a valuable asset on the dark web. Since it’s almost certain that Fortune 500 company employees are included in the list, threat actors can use the data to focus their sights on specific businesses.
Cybercriminals are as invested in AI-assisted operations as any company, and a 4.3 billion-record-strong dataset is a perfect candidate for this type of activity.
Large language models (LLMs) are capable of generating personalised messages based on user profile information. With some additional effort, tens of millions of malicious emails can be sent to victims, and it only takes one high-value target for the whole operation to be profitable for the attacker.
I’mTech’s insight: The LinkedIn data leak portends even bigger and better hacks
There are 8 billion people in the world. There are 4.3 billion records, so there are likely a lot of older records and duplicates. LinkedIn claims:
- Current active members: 1.2 billion
- 69 million companies
- 200+ countries
- 1.8 million feed updates a minute
- It’s the oldest social media platform (2003)
- Engagement rates have increased 44% YoY
- 10,000 users look for jobs every minute
- LinkedIn Ads Reach Over 14% of the Global Population
If you are a LinkedIn user, the damage is done. But change your password with haste.
I’mTech Security news and reviews.
Parts of this article were reproduced with permission from Cybernews.
