LinkedIn Data Breach — 500M User’s data leaked with Clear Text Password

4 min readApr 29, 2021

In April, LinkedIn is the latest victim of a massive data breach, and data of over 500 million of its users have been scraped from the platform and posted online for sale. The dataset includes sensitive information like email addresses, phone numbers, workplace information, full names, account IDs, links to their social media accounts, and gender details. The breached data is reportedly being sold by TomLiner hacker on a security forum. The hacker is asking for money in exchange for the breached data. This comes just days after a similarly massive leak of scraped data from over 500 million Facebook users was leaked.

In an official statement, a LinkedIn spokesperson told the publication,

“While we’re still investigating this issue, the posted dataset appears to include publicly viewable information that was scraped from LinkedIn combined with data aggregated from other websites or companies. Scraping our members’ data from LinkedIn violates our terms of service and we are constantly working to protect our members and their data”.

Impact of Leaked Data:

Paul Prudhomme, an analyst at security intelligence company IntSights, told Insider that the exposed data is significant because bad actors could use it to attack companies through their employees’ information. “Such attacks may be more likely to succeed due to the rise of remote work and the increased use of home or personal devices for work due to the COVID-19 pandemic,” Prudhomme said. “Attacking companies via their employees’ personal accounts and devices is one way for attackers to work around enterprise network security defenses.”

Emails with Password in ClearText

In the leaked data, observed a long list of user email and password in cleartext. I am not sure that this is an updated user's password or leaked 2012 data included, Link. The size of the compressed file is 64MBs that include emails and password of users in cleartext. Below is the sample data of this,

Protect YourSelf from Data Leaks:

Before going into detail about breached data, we need to understand how can we protect it from this type of data leak. As a user, you've depended on the safety and security provided by the services you use. It’s important to look at the safety, security, and privacy settings of the apps you use, and make sure that these are set up properly.

Beyond that, share only necessary information with digital services, and subscribe to sites like Have I Been Pwned for notifications if your email address is part of a data breach.
Frequently change your account passwords across platforms. This wouldn’t help you in a situation like the leaks from Facebook and LinkedIn but is generally good advice.
The password should ideally be a strong one and you could save it in a strong password manager for auto-fill. Also, enable two-factor authentication (2FA) wherever available, and do not accept connections, especially on LinkedIn and Facebook, from unknown people.

Leaked Data Detail:

In this breached data expose from all over the world. Let’s take a quick ride of this data. I am not using any filter for this data because now this data is publicly available.