In 2012, LinkedIn lost the email addresses and passwords for more than 100 million users. This data is still readily available on the dark web and is a goldmine of credentials because a lot of people are lazy and either don't know or don't care about good password hygiene. In fact, reused credentials are one of the most common causes of data breaches.
Viewing all employees
A feature like 'see all employees' can help a criminal identify targets. An attacker might use their knowledge of a company's structure to pose as someone's boss or colleague and trick them into sharing confidential information or clicking a malicious link.
Viewing all connections
By reviewing an organisation's many LinkedIn connections, a hacker can start to build a detailed picture of that organisation's suppliers, technology providers and other third-party services. This can help them identify potential entry points within their target's technology stack, e.g. their CRM, HR or payroll systems. An understanding of which technologies are in use can also help a hacker understand what security systems may be in place and, more importantly, which systems are vulnerable.
Furthermore, imagine a scenario in which an attacker cannot infiltrate their target directly. If resourceful enough, they may use LinkedIn to work out which suppliers and partners the target uses, in a bid to infiltrate those instead. It's easy to imagine a bank's marketing agency having more lax security than the bank itself, and that's exactly why the agency may end up as an unwitting entry point to its client's network.
New job posts offer insight into technology
When hiring for technical roles, particularly IT or system admin positions, LinkedIn job posts can reveal a lot of valuable data. This can include the technology underpinning critical business operations, for instance which databases, operating systems, storage and scripting languages are in use across the organisation. For hackers, this is priceless information that can help them mount a successful attack.
Job ads can also reveal details of upcoming IT projects such as infrastructure upgrades, e.g. moving to a cloud service provider. These kinds of projects may be a good entry point, since security processes may be less mature and a hacker who has newly infiltrated the network may be harder to spot while the organisation has not yet created a baseline of normal activity.
Using curiosity to spread malware
Perhaps LinkedIn's greatest asset is its ability to tap into the curiosity of its users, but hackers can use this to their advantage too. They know that if a stranger visits someone's profile, the first thing that person is likely to do is click on the stranger's profile in an attempt to find out why. For instance, a hacker may create a fake profile and view the profiles of several targets. They could place a malicious link on their profile hoping that it is clicked by a curious target, at which point LinkedIn is effectively a delivery mechanism for malware.
Precautions to keep you safer