9 Million+ LinkedIn Profiles Put in Darknet for FREE

On Wednesday, we came across an interesting post where an actor was “giving away” LinkedIn resumes (or giving it for free) – per the actor, the data is from 2015-2018. The locations were mostly from European region as below:

Cyble researchers downloaded the file for further analysis :

In total there were ~9.4 million JSON objects, each JSON object is a user’s public Linkedin profile, certain profiles have an individual’s CV.

Here is a sample directory:

The fields on each file is below (essentially scapped data from Linkedin, mostly):

id ,loc__geo ,loc__country ,loc__country_code ,loc__state ,loc__state_code ,loc__county ,loc__msa ,social__youtube ,social__github ,social__wordpress ,social__facebook ,social__foursquare ,social__tumblr ,social__google ,social__personal ,social__instagram ,social__twitter ,social__vimeo ,social__flickr ,social__blogspot ,social__email ,social__stackoverflow ,er__youtube ,er__github ,er__wordpress ,er__facebook ,er__foursquare ,er__tumblr ,er__google ,er__personal ,er__instagram ,er__twitter ,er__vimeo ,er__flickr ,er__blogspot ,er__email ,er__stackoverflow ,certifications__subtitle ,certifications__title ,jscoreHistory ,experienceCurrent__date ,experienceCurrent__description ,experienceCurrent__company ,experienceCurrent__position ,completeness ,diverse ,connections ,recommendationCount ,neoId ,jscore ,downloadedAt ,industry ,fullname ,interests ,recommendations ,skills ,companyPrevious ,summary ,courses ,text ,languages ,languagesList ,educationList ,headline ,companyCurrent ,groups ,location ,na_companyCurrent ,na_location ,na_headline ,canonical ,scrapeId ,picture ,url ,na_skills ,jscore_date ,na_industry ,na_fullname ,userActiveLogs ,urls ,military ,extractorId

Sample file (verified with the actual profile):

Source of the data: The data appears to have been scrapped from people’s LinkedIn profile. The actor alleged that they don’t have the data related to other countries at this point. However, given the scale of this leak, it won’t surprise us if that’s the case in reality.

We recommend:

  • People to tighten the privacy settings of their public LinkedIn profile
  • Stay vigilant of suspicious connection requests, and in the event of noting a fake/suspicious profile, report that to the LinkedIn support team for further actions

Cyble is currently indexing the data on AmiBreached.com and will be notifying its subscribers soon if they are affected.

On a separate note, we have shared an update on the Indian IDs leaked issue here.

About Cyble:

Cyble is a US-based cyber threat intelligence company with the express mission to provide organizations with real-time views of their supply chain cyber threats and risks.

Recent Blogs


Cyble analyzes recent hacktivism claims by Anonymous Sudan impacting US entities including Microsoft Corporation.

Read More »

Cyble analyzes LockBit Ransomware, which is distributed via malicious documents, specifically targeting users in Korea.

Read More »

Cyble analyzes a new malware “HelloTeacher” masquerading as popular messaging app to target banking users from Vietnam and steals sensitive data.

Read More »
Scroll to Top