LinkedIn strengthens its infrastructure after suffering a data leak of 4.3 billion records

In late November and early December 2025, security researchers detected one of the largest data exposures ever recorded, involving 4.3 billion professional records. During this period, a large database containing professional information from billions of records was identified as being publicly accessible on the internet. The finding was initially reported by cybersecurity media outlets and later amplified by the generalist and international technology press. The event came to light amid growing global concern about the massive use of public data and automated scraping.

The data included names, job titles, companies, email addresses, phone numbers, and other information associated with professional profiles similar to those on LinkedIn. Those most affected are professionals and workers from multiple countries, whose data could be used for phishing, fraud, or social engineering campaigns. According to published investigations, this was not a direct attack on LinkedIn or any other specific platform, but rather data collected by third parties and left exposed on a misconfigured server.

Following notification from the researchers, the repository was secured and made inaccessible to the public within a few days, although it was not possible to determine how long it had been available or who had accessed the information. To date, no specific official statement has been issued by LinkedIn or Microsoft acknowledging direct responsibility in this case, reinforcing the theory that the data was aggregated by intermediaries.