9 Million+ LinkedIn Profiles Put in Darknet for FREE

On Wednesday, we came across an interesting post where an actor was “giving away” LinkedIn resumes (or giving it for free) – per the actor, the data is from 2015-2018. The locations were mostly from European region as below:

Cyble researchers downloaded the file for further analysis :

In total there were ~9.4 million JSON objects, each JSON object is a user’s public Linkedin profile, certain profiles have an individual’s CV.

Here is a sample directory:

The fields on each file is below (essentially scapped data from Linkedin, mostly):

id ,loc__geo ,loc__country ,loc__country_code ,loc__state ,loc__state_code ,loc__county ,loc__msa ,social__youtube ,social__github ,social__wordpress ,social__facebook ,social__foursquare ,social__tumblr ,social__google ,social__personal ,social__instagram ,social__twitter ,social__vimeo ,social__flickr ,social__blogspot ,social__email ,social__stackoverflow ,er__youtube ,er__github ,er__wordpress ,er__facebook ,er__foursquare ,er__tumblr ,er__google ,er__personal ,er__instagram ,er__twitter ,er__vimeo ,er__flickr ,er__blogspot ,er__email ,er__stackoverflow ,certifications__subtitle ,certifications__title ,jscoreHistory ,experienceCurrent__date ,experienceCurrent__description ,experienceCurrent__company ,experienceCurrent__position ,completeness ,diverse ,connections ,recommendationCount ,neoId ,jscore ,downloadedAt ,industry ,fullname ,interests ,recommendations ,skills ,companyPrevious ,summary ,courses ,text ,languages ,languagesList ,educationList ,headline ,companyCurrent ,groups ,location ,na_companyCurrent ,na_location ,na_headline ,canonical ,scrapeId ,picture ,url ,na_skills ,jscore_date ,na_industry ,na_fullname ,userActiveLogs ,urls ,military ,extractorId

Sample file (verified with the actual profile):

Source of the data: The data appears to have been scrapped from people’s LinkedIn profile. The actor alleged that they don’t have the data related to other countries at this point. However, given the scale of this leak, it won’t surprise us if that’s the case in reality.

We recommend:

  • People to tighten the privacy settings of their public LinkedIn profile
  • Stay vigilant of suspicious connection requests, and in the event of noting a fake/suspicious profile, report that to the LinkedIn support team for further actions

Cyble is currently indexing the data on AmiBreached.com and will be notifying its subscribers soon if they are affected.

On a separate note, we have shared an update on the Indian IDs leaked issue here.

About Cyble:

Cyble is a US-based cyber threat intelligence company with the express mission to provide organizations with real-time views of their supply chain cyber threats and risks.

Scroll to Top