You've Been Scraped 2018 Data Breach

You've Been Scraped' LinkedIn Profile Data Aggregation Exposure (2018): 66 Million Professional Profiles Including Job Title & Employer Left in Open Database | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

UnknownScraping / CollectionEmail AddressEmployerFull NameGeographic LocationJob InformationSocial Media Profile
Low SeverityAggregated / marketing data

You've Been Scraped' LinkedIn Profile Data Aggregation Exposure (2018): 66 Million Professional Profiles Including Job Title & Employer Left in Open Database

Scraped professional profile and contact data.

Verified by ObscureIQ Intelligence
18/100Breach Risk Index
9Data Value
10Market Recency
2771dSince Breach

Breach Intelligence Summary

Entity: You've Been Scraped · Actor: Unknown (data aggregator, unidentified) · Sources: 2 references
Attack: Scraping / Collection
Profile: Synthetic / Scraped Dataset · Scraped professional profile and contact data · LinkedIn-scraped profile corpus · Global
Timeline: Breach (2018-10-05) · Indexed (Dec 06, 2018) · Year (2018)
Exposure: 66.1M records · 6 fields: Email Address, Employer, Full Name, Geographic Location, Job Information, Social Media Profile
Status: Scrape

Executive Summary

In October and November 2018, a researcher discovered several unprotected MongoDB instances, believed hosted by a data aggregator, containing over 66 million records scraped from LinkedIn. The data owner could not be identified. Exposed records included names, work and personal email addresses, job titles, employers, geographic data, and links to LinkedIn profiles. Systems were not breached; the data was scraped and left exposed.

ObscureIQ assessment: High risk of spearphishing, executive targeting, and business relationship mapping. Scraped profile data is especially useful because it is already structured for outreach and impersonation.

Breach Impact

The professional profile data supports targeted spear-phishing, business-email-compromise reconnaissance, and enrichment of other datasets; no credentials were exposed.

About You've Been Scraped

"You've Been Scraped" is not a company but a name given to a set of exposed databases holding professional profile data believed scraped from LinkedIn by an unidentified data aggregator.

Why They Hold Your Data

Scraped professional-profile corpora aggregate names, job titles, employers, contact details, and profile-linked records from professional networking sources into bulk datasets.

Recent Developments

A researcher found the unprotected MongoDB instances in late 2018; the owner of the data was never identified.

Data Points Exposed

6 verified field types
Email Address
Employer
Full Name High
Geographic Location
Job Information
Social Media Profile

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Low
Primary downstream threats:
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
  • Employment-based social engineering using job and employer data
  • Social media account targeting and impersonation
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Business Email Compromise seeding
  • Name-based social engineering
  • Pattern-of-life analysis & physical surveillance
  • Vishing & authority impersonation
  • Account impersonation & social graph harvesting

Threat Actor: Unknown (data aggregator, unidentified)

Unknown (data aggregator, unidentified)
Scraping / Collection

Attribution and method are based on available breach intelligence. Reported attack vector: Scraping / Collection.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the You've Been Scraped breach?

In October and November 2018, a researcher discovered several unprotected MongoDB instances, believed hosted by a data aggregator, containing over 66 million records scraped from LinkedIn. The data owner could not be identified. Exposed records included names, work and personal email addresses, job…

What data was exposed?

Verified fields include Email Address, Employer, Full Name, Geographic Location, Job Information, Social Media Profile.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
Have I Been Pwned
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation