LinkedIn Vendor Cyber Rating & Cyber Score

linkedin.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

Founded in 2003, LinkedIn connects the world's professionals to make them more productive and successful. With more than 1 billion members worldwide, including executives from every Fortune 500 company, LinkedIn is the world's largest professional network. The company has a diversified business model with revenue coming from Talent Solutions, Marketing Solutions, Sales Solutions and Premium Subscriptions products. Headquartered in Silicon Valley, LinkedIn has offices across the globe.

LinkedIn A.I CyberSecurity Scoring

LinkedIn

Company Details

Linkedin ID:

linkedin

Website:

https://careers.linkedin.com

Employees number:

23,908

Number of followers:

33,387,235

NAICS:

5112

Industry Type:

Software Development

Homepage:

linkedin.com

IP Addresses:

34

Company ID:

LIN_3207977

Scan Status:

In-progress

AI scoreLinkedIn Risk Score (AI oriented)

Between 750 and 799

https://images.rankiteo.com/companyimages/linkedin.jpeg
LinkedIn Software Development
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
Get a Score Increase
globalscoreLinkedIn Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/linkedin.jpeg
LinkedIn Software Development
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

LinkedIn

Fair
Current Score
797
Baa (Fair)
01000
6 incidents
-13.0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

APRIL 2026
797
MARCH 2026
825
Breach
11 Mar 2026 • LinkedIn: Join LinkedIn now — it’s free!
LinkedIn Data Scraping Incident Exposing User Information

**LinkedIn Faces Data Scraping Incident Exposing User Information** A recent data scraping incident has exposed publicly available LinkedIn user profiles, raising concerns over privacy and unauthorized data collection. The breach, detected in early 2024, involved third-party actors extracting profile information including names, job titles, workplace details, and contact data from millions of accounts. The incident highlights the risks of large-scale data scraping, where automated tools harvest publicly accessible information without direct platform compromise. While LinkedIn’s systems were not breached, the extracted data could be used for phishing, social engineering, or targeted advertising. The company has acknowledged the activity but emphasized that no private or sensitive data (such as passwords or financial information) was accessed. This event follows similar scraping incidents in recent years, underscoring the challenges platforms face in balancing open access with user privacy. LinkedIn has implemented measures to detect and mitigate scraping attempts, though the long-term effectiveness of such protections remains under scrutiny. The exposed data’s potential misuse continues to pose risks for individuals and organizations.

796
critical -29
LIN1773246240
Incident Details -
Type
Data Scraping
Attack Vector
Automated scraping tools
Vulnerability Exploited
Publicly accessible profile information
Motivation
Phishing Social engineering Targeted advertising
Impact
Data Compromised: Names, job titles, workplace details, contact data Brand Reputation Impact: Raised concerns over privacy and unauthorized data collection Identity Theft Risk: Potential misuse for phishing or social engineering
Response
Containment Measures: Implemented measures to detect and mitigate scraping attempts Communication Strategy: Acknowledged the activity and emphasized no private or sensitive data was accessed
Data Breach
Type Of Data Compromised: Publicly available profile information Number Of Records Exposed: Millions Sensitivity Of Data: Low (publicly accessible) Data Exfiltration: Extracted by third-party actors Names Job titles Workplace details Contact data
Lessons Learned
Challenges platforms face in balancing open access with user privacy
Post Incident Analysis
Root Causes: Automated scraping of publicly accessible data Corrective Actions: Measures to detect and mitigate scraping attempts
References
Blog URL Source URL
FEBRUARY 2026
825
JANUARY 2026
825
DECEMBER 2025
832
Cyber Attack
29 Dec 2025 • LinkedIn and AWS: FIN6 exploits HR workflows to breach corporate defenses
FIN6 Skeleton Spider Campaign Targeting HR Professionals via Fake Job Applications

**FIN6 Exploits Cloud Infrastructure in Sophisticated HR-Targeted Phishing Campaign** The financially motivated cybercrime group **FIN6** (also known as *Skeleton Spider*) is leveraging **fake job applications** and **trusted cloud services** to target human resources (HR) professionals in a highly evasive social engineering campaign. Researchers at **DomainTools** uncovered the operation, which combines **professional networking platforms** like LinkedIn and Indeed with **malware-hosted cloud infrastructure** to bypass traditional security defenses. ### **How the Attack Works** 1. **Initial Contact** – Attackers pose as job seekers on professional platforms, engaging recruiters to build rapport before sending phishing emails with malicious links. 2. **Fake Resume Sites** – Domains mimicking real applicant names (e.g., *bobbyweisman[.]com*, *ryanberardi[.]com*) are registered via **GoDaddy’s anonymous services** and hosted on **AWS EC2 or S3**, blending into legitimate cloud traffic. 3. **Sophisticated Evasion** – The sites employ **traffic filtering** to distinguish targets from security researchers, checking **IP reputation, geolocation, OS, and browser fingerprints**. Only residential Windows users bypass CAPTCHA walls to receive **malicious ZIP files** containing the **More_eggs backdoor**. 4. **Malware Deployment** – **More_eggs**, a modular JavaScript backdoor, operates in memory to evade detection, enabling **credential theft, command execution, and follow-on attacks**, including ransomware deployment. ### **Why HR is a Prime Target** HR teams frequently interact with external contacts and handle unsolicited communications, making them vulnerable to **social engineering**. The campaign exploits this trust, using **realistic job lures** to bypass email filters and endpoint security. FIN6’s shift from **point-of-sale (POS) breaches** to **enterprise ransomware** underscores its evolution toward higher-value targets. ### **Cloud Abuse & Detection Challenges** Attackers favor **AWS and other cloud platforms** due to: - **Low-cost setup** (free-tier abuse or compromised billing accounts). - **Trusted IP ranges** that evade enterprise network filters. - **Scalability** for hosting malicious infrastructure. The campaign highlights gaps in **perimeter-based security**, as traditional defenses struggle to detect threats embedded in **legitimate cloud services**. Security teams are advised to monitor for **unusual traffic patterns** and **suspicious file types** linked to cloud-hosted malware. ### **AWS Response & Broader Implications** An **AWS spokesperson** stated the company enforces **terms prohibiting illegal use** and acts swiftly on abuse reports. However, the incident raises questions about balancing **cloud accessibility** with **security controls**, particularly as threat actors increasingly exploit **trusted infrastructure**. FIN6’s operation demonstrates how **low-complexity phishing**, when paired with **cloud evasion techniques**, can outmaneuver even advanced detection tools—reinforcing the need for **holistic security strategies** that address both **technical and human vulnerabilities**.

824
low -8
LINAWS1766995316
Incident Details -
Type
Phishing/Social Engineering, Malware Delivery
Attack Vector
Phishing emails with malicious links, fake resume portfolios hosted on AWS
Vulnerability Exploited
Human psychology (trust in job applications), abuse of trusted cloud infrastructure (AWS EC2/S3)
Motivation
Financial gain, credential theft, follow-on attacks (e.g., ransomware deployment)
Impact
Data Compromised: Credentials, sensitive employee data, system access Systems Affected: HR systems, corporate networks Operational Impact: Potential disruption of HR operations, follow-on attacks (e.g., ransomware) Brand Reputation Impact: Potential reputational damage due to compromised HR processes Identity Theft Risk: High (credential theft, PII exposure)
Response
Containment Measures: AWS Trust & Safety abuse reporting process, disabling prohibited content Remediation Measures: Layered defenses, enhanced monitoring for unusual traffic patterns/file types, additional verification procedures for resume submissions Enhanced Monitoring: Recommended (vigilance for unusual traffic patterns or file types)
Data Breach
Type Of Data Compromised: Credentials, personally identifiable information (PII), sensitive employee data Sensitivity Of Data: High (PII, credentials, HR data) Data Exfiltration: Possible (More_eggs malware enables follow-on attacks) File Types Exposed: Malicious ZIP files containing JavaScript-based malware (More_eggs) Personally Identifiable Information: Yes (credentials, HR data)
Lessons Learned
Traditional perimeter security is insufficient against social engineering tactics. Organizations must adopt holistic security strategies that account for human factors alongside technological defenses. HR personnel are increasingly targeted due to their regular interaction with external contacts.
Recommendations
Implement comprehensive training programs for HR personnel on phishing and social engineering risks. Adopt additional verification procedures for resume submissions and external communications. Enhance monitoring for unusual traffic patterns or file types (e.g., ZIP files from unexpected sources). Use layered defenses (e.g., behavioral WAF, network segmentation) to detect and block malicious activity. Report abuse of cloud services (e.g., AWS) to platform providers for takedown. Maintain vigilance for cloud-hosted phishing sites using trusted IP ranges.
Initial Access Broker
Entry Point: LinkedIn, Indeed (professional networking platforms) Backdoors Established: More_eggs malware (JavaScript backdoor) High Value Targets: HR professionals, recruiters
Post Incident Analysis
Exploitation of trust in professional networking platforms (LinkedIn/Indeed). Abuse of trusted cloud infrastructure (AWS EC2/S3) to host malicious content. Sophisticated traffic filtering to evade detection (IP reputation, geolocation, OS fingerprinting). Use of CAPTCHA to bypass automated security scanners. Lack of verification procedures for external communications in HR workflows. Implement stricter verification for external communications (e.g., resume submissions). Enhance monitoring for cloud-hosted phishing sites using trusted IP ranges. Train HR personnel on social engineering risks and phishing tactics. Adopt layered security defenses (e.g., behavioral WAF, network segmentation). Collaborate with cloud providers to report and disable abusive content.
References
Blog URL Source URL
NOVEMBER 2025
833
OCTOBER 2025
833
SEPTEMBER 2025
832
AUGUST 2025
832
JULY 2025
832
JUNE 2025
832
Vulnerability
04 Jun 2025 • VMware
Multiple Cross-Site Scripting (XSS) Vulnerabilities in VMware NSX

Multiple Cross-Site Scripting (XSS) vulnerabilities in the VMware NSX network virtualization platform could allow malicious actors to inject and execute harmful code. The security bulletin published on June 4, 2025, details three distinct vulnerabilities affecting VMware NSX Manager UI, gateway firewall, and router port components, with CVSS base scores ranging from 5.9 to 7.5. The vulnerabilities include a stored XSS flaw in NSX Manager UI, a stored XSS in gateway firewall response pages, and a stored XSS in router port configurations. VMware has released patches addressing all three vulnerabilities across affected product lines, emphasizing the need for immediate updates to mitigate the risk of privilege escalation and persistent XSS attacks.

830
medium -2
133614060625
Incident Details -
Type
Vulnerability
Attack Vector
Stored XSS
Vulnerability Exploited
CVE-2025-22243: Stored XSS Vulnerability in NSX Manager UI CVE-2025-22244: Stored XSS in Gateway Firewall Response Pages CVE-2025-22245: Stored XSS in Router Port Configurations
Motivation
Privilege Escalation Credential Theft Lateral Movement
Impact
VMware NSX Manager UI Gateway Firewall Router Port Configurations
Response
Patching
Recommendations
Immediately upgrade to the patched versions of VMware NSX
Post Incident Analysis
Inadequate input sanitization Privileged access requirements Patching
References
Blog URL Source URL
MAY 2025
832
DECEMBER 2016
801
Breach
01 Dec 2016 • LinkedIn
Lynda.com Security Breach

Lynda.com now LinkedIn Learning, was informing its consumers of a security breach. The firm claims that an unauthorised third party gained access to a database that contained user data. The company began informing its clientele that hackers had gained access to learning data, including attempted courses and contact information. The company's owner, LinkedIn, verified the issue and disclosed that, as a precaution, the passwords of 55,000 users had been reset. It is possible that 9.5 million users were affected in total. LinkedIn disclosed further steps to safeguard user accounts on Lynda.com in reaction to the data leak.

770
critical -31
LIN1136181123
Incident Details -
Type
Data Breach
Attack Vector
Unauthorized Access
Impact
Learning Data Contact Information
Response
Passwords reset for 55,000 users Informing customers about the breach
Data Breach
Learning Data Contact Information Potentially 9.5 million users
Customer Advisories
Informing customers about the breach
References
Blog URL Source URL
JUNE 2016
829
Breach
16 Jun 2016 • LinkedIn
LinkedIn Data Breach

LinkedIn suffered a data breach incident in 2016 which exposed the email addresses and passwords of 117 million users. Hackers broke into the network, stole a database of password hashes, and posted some 6.5 million account credentials on a Russian password forum for the world to see. LinkedIn’s Chief Information Security Officer Cory Scott took the safety and security of members’ accounts seriously and offered protection tools such as email challenges and dual factor authentication.

796
critical -33
LIN12220522
Incident Details -
Type
Data Breach
Attack Vector
Network Intrusion
Motivation
Data Theft
Impact
Data Compromised: Email addresses and passwords
Response
Remediation Measures: Offered protection tools such as email challenges and dual factor authentication
Data Breach
Type Of Data Compromised: Email addresses and passwords Number Of Records Exposed: 117 million Data Encryption: Password hashes Personally Identifiable Information: Email addresses
References
Blog URL Source URL
JUNE 2012
839
Breach
16 Jun 2012 • LinkedIn Corporation
LinkedIn Data Breach (2016)

The California Office of the Attorney General disclosed a **data breach** affecting **LinkedIn Corporation** in **June 2016**, stemming from an earlier **2012 incident** that was rediscovered. The breach exposed **117 million user accounts**, compromising **email addresses, hashed passwords, and LinkedIn member IDs**. Although passwords were invalidated for accounts created before 2012 as a mitigating measure, the incident highlighted significant vulnerabilities in LinkedIn’s historical security practices. The exposed data, while hashed, posed risks of credential stuffing, phishing, and unauthorized account access if decryption attempts succeeded. The breach did not involve financial or highly sensitive personal data (e.g., Social Security numbers), but the scale of exposed credentials—one of the largest at the time—undermined user trust and required widespread password resets. LinkedIn faced reputational damage and regulatory scrutiny, though no direct financial fraud or identity theft was reported as a direct consequence of this specific breach.

809
critical -30
LIN026090625
Incident Details -
Type
Data Breach
Impact
email addresses hashed passwords LinkedIn member IDs Brand Reputation Impact: Potential reputational damage due to exposure of 117 million accounts Identity Theft Risk: High (due to exposure of email-password combinations)
Response
Law Enforcement Notified: Yes (California Office of the Attorney General) Containment Measures: Passwords for accounts created before the 2012 breach were invalidated
Data Breach
email addresses hashed passwords LinkedIn member IDs Number Of Records Exposed: 117 million Sensitivity Of Data: Moderate to High (hashed passwords and email addresses) Data Exfiltration: Yes Data Encryption: Hashed (passwords) Personally Identifiable Information: Yes (email addresses linked to member IDs)
Regulatory Compliance
Regulatory Notifications: California Office of the Attorney General
Initial Access Broker
Data Sold On Dark Web: Likely (historical context of 2012 breach data resurfacing)
Post Incident Analysis
Root Causes: Legacy data from 2012 breach resurfaced; inadequate long-term protection of hashed credentials
References
Blog URL Source URL

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for LinkedIn is 797, which corresponds to a Fair rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2026 was 825.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2026 was 825.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2026 was 825.

According to Rankiteo, the A.I. Rankiteo Cyber Score for December 2025 was 833.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 833.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 833.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 832.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 832.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 832.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 832.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 832.

Over the past 12 months, the average per-incident point impact on LinkedIn’s A.I Rankiteo Cyber Score has been -13.0 points.

You can access LinkedIn’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/linkedin.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view LinkedIn’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/linkedin.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.