LinkedIn suffered a credential breach in 2012 when attackers accessed user account data through a misconfiguration. The stolen data was not publicly surfaced until 2016, when it appeared for sale on a dark web marketplace. At that point, researchers confirmed the breach affected approximately 164 million accounts, though the records figure for this entry reflects 77.5 million verified affected users. The exposed data consisted of email addresses and password hashes. The passwords were stored using SHA-1, a weak hashing algorithm, with no salting, a technique that would have made cracking significantly harder. Because the hashes were unprotected in this way, the vast majority were cracked within days of the data's public release. Any user who reused their LinkedIn password on other services faced immediate risk of account takeover across email, banking, and other platforms. No major regulatory action was publicly reported in connection with this breach. LinkedIn did prompt password resets for affected accounts after the 2016 disclosure. The four-year gap between the original breach and its public exposure means many users had no opportunity to act in time. Affected individuals should treat any password used on LinkedIn in 2012 as fully compromised, and check whether that password was reused elsewhere.

Professional networking platforms collect identity, employment history, education, contact details, social connections, messaging, recruiting activity, and behavioral engagement data across career and hiring workflows.

LinkedIn continues to operate as a major Microsoft business with steady revenue growth and broad engagement across talent, marketing, premium subscriptions, and sales products. Microsoft reported LinkedIn revenue growth of 9% in FY25 Q2, with continued growth across all lines of business even as hiring-market softness affected some Talent Solutions demand.