On June 22, 2021, a hacker operating under the username TomLiner posted a claim on RaidForums—a notorious dark web marketplace—that they possessed personal information on 700 million LinkedIn users. The seller advertised the dataset for approximately $5,000 and provided a sample of 1 million records as proof of authenticity.

Security researchers quickly verified the sample data. Multiple outlets including Privacy Sharks, RestorePrivacy, and Hackread.com confirmed the records were genuine and current, containing information harvested between 2020 and 2021. At the time of the incident, LinkedIn had approximately 756 million members, meaning the exposed dataset covered roughly 92-93% of the platform's entire user base.

The data exposed in the compilation included extensive personal and professional details: full names, email addresses, phone numbers, physical addresses, geolocation information, LinkedIn usernames and profile URLs, gender, work history, industry classifications, and inferred salary data. Researchers also found references to other social media accounts and usernames associated with individuals in the dataset.

LinkedIn's response centered on a critical distinction. The company, speaking through spokespeople including Leonna Spilman, stated this was not a data breach in the traditional sense. Instead, LinkedIn characterized the incident as unauthorized scraping of publicly visible profile information combined with data aggregated from other sources. Critically, the company confirmed that no private member data or passwords were compromised. LinkedIn emphasized that the scraping violated its Terms of Service and that the company actively works to prevent such activities.

This incident was not the first of its kind. Four months earlier, in April 2021, another threat actor had offered data from 500 million LinkedIn users using the same scraping methodology. The recurring nature of these incidents highlighted vulnerabilities in how public profile data could be harvested at scale.

Cybersecurity experts raised serious concerns about potential misuse. Acronis Vice President Candid Wuest and other analysts warned that even publicly-sourced personal information, when aggregated and organized, posed substantial risks. The compiled dataset could facilitate phishing attacks, extortion schemes, SIM swapping fraud, identity theft, and targeted social engineering—including deceptive job offer scams that exploit professional networking contexts.

The incident sparked broader debate within the cybersecurity and privacy communities. While LinkedIn's technical assessment that no systems were directly breached held merit, critics argued the distinction offered little comfort to affected users. When hundreds of millions of people's names, contact details, locations, and employment histories become available for criminal purchase, the practical impact resembles a breach regardless of methodology.

As of the available reports, no arrests or legal convictions related to TomLiner or the 700 million record sale have been publicly documented. The incident underscored the challenges platforms face in protecting aggregate public data while maintaining open professional networking functionality.

**Sources**

https://attacksimulator.com/blog/linkedin-breach-700m-users-exposed/

https://fortune.com/2021/06/30/linkedin-data-theft-700-million-users-personal-information-cybersecurity/

https://hackread.com/hacker-selling-linkedin-users-accounts/

https://scrubbed.net/blog/linkedin-data-leak-what-we-can-do-about-it/

700 Million LinkedIn Users' Data Sold on Dark Web Forum

Sagsdetaljer

Klassifikation: