The vast amount of personal and professional information shared on social media platforms makes them attractive targets for hackers. Falling victim to a cyber-attack can at best be inconvenient and, at worst, lead to significant financial or reputational losses. It's important to know what to look out for and how to help keep sensitive data secure.

Social media threats and techniques continually evolve, reflecting the speed at which the overall cyber landscape is moving. Below are some of the key cybersecurity concerns around today's social media platforms.

Phishing attacks: LinkedIn and Facebook are among the top 10 brands ranked by brand phishing attempts [1]. LinkedIn users are often targeted in phishing attacks, where hackers send deceptive emails or messages pretending to be from LinkedIn. Clicking on a link in the message could lead to a fake login page allowing the attacker to collect usernames and passwords/phrases. These types of messages could also appear to come from legitimate businesses or trusted connections.
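
The fake-login-page risk described above can be checked mechanically. The following is an added example, not part of the original article: a Python check that accepts a link as genuine only when its hostname is linkedin.com or a subdomain of it, reached over HTTPS. The trusted-domain list, function name and sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: domains accepted as the genuine service.
TRUSTED_DOMAINS = ("linkedin.com",)
BRAND = "linkedin"  # brand string a lookalike link tends to imitate


def classify_link(url: str) -> str:
    """Classify a link from a message that claims to come from LinkedIn.

    Returns 'genuine', 'suspicious' or 'unrelated'.
    """
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        userinfo = (parts.username or "").lower()
    except ValueError:
        return "suspicious"  # unparseable links get no benefit of the doubt
    if not host:
        return "suspicious"  # not an absolute URL, so the host cannot be verified

    # Genuine only if the host IS a trusted domain or a subdomain of one,
    # reached over HTTPS, with nothing placed before an '@' in the address.
    on_trusted = any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)
    if on_trusted and parts.scheme == "https" and not userinfo:
        return "genuine"

    # Brand name anywhere else (wrong domain, text before '@', plain http)
    # or an internationalised label that can render like ASCII letters.
    labels = host.split(".")
    if BRAND in host or BRAND in userinfo or any(lab.startswith("xn--") for lab in labels):
        return "suspicious"
    return "unrelated"


# Constructed sample links (reserved .example names, not real campaign data).
SAMPLES = [
    "https://www.linkedin.com/login",
    "https://linkedin.com.account-verify.example/login",
    "https://linkedin.com@login.example/session",
    "http://www.linkedin.com/login",
    "https://xn--lnkedin-abc.example/login",
    "https://news.example/weekly",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):<11} {link}")
```

The comparison is made on the parsed hostname, never on the visible link text, because the brand name can appear in a subdomain or before an `@` while the real destination is a different domain.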

Identity theft: Through phishing or brute-force attacks [2], hackers can access your personal information, including your name, email address, phone number and even your employment history. This stolen data can be used to create fake profiles or for fraudulent activities, such as applying for credit cards or loans in your name.

Account lock-out: Last year a widespread LinkedIn malicious hacking campaign locked many users worldwide out of their accounts. Some victims even ended up paying a ransom to regain control of their accounts or risk their permanent deletion. In an analysis of Google Trends by Cyberint [3], during 90 days in the summer of 2023, search queries such as 'LinkedIn account hacked 2023' and 'LinkedIn account restricted verify identity' increased by over 5000%.

Data breaches and data scraping: LinkedIn has sustained several high-profile data breaches. In May 2023 LinkedIn confirmed a data breach that exposed over 800 million LinkedIn users [4]. However, the company stated that this was not achieved by attackers hacking their servers but through data scraping [5], where hackers extract data from publicly available information on the platform.

Reputational damage: A hacked LinkedIn account can have severe consequences for your professional reputation. Hackers may use your compromised account to send spam messages or post inappropriate content, damaging your credibility and relationships with your connections. They may also use your account to send phishing messages to your contacts, further spreading the attack and potentially tarnishing your professional image.

How to find out if you have been part of a data breach

Check if you have received an email from the provider telling you your personal information has been compromised. This may take weeks or months, so be alert to any recently reported data breaches and change your password/phrase if you are concerned.

Find out if your email address has already been in a data breach. This is easily done at the website Have I Been Pwned. On entering your email address, it will immediately tell you how and when your email address appeared in lists of compromised data.

Simple steps to help protect you and your data on social media

  1. Choose a unique password/phrase, ideally 12 characters, including upper and lower case letters, numbers and special characters. Change this regularly, e.g., every quarter.
  2. Enable 2-factor authentication (2FA).
  3. Set your profiles to private and vet anyone who sends a connection request.
  4. Add a phone number to your account for extra security — this can be used to reset your password/phrase if you have difficulty logging in.
  5. Avoid syncing from your phone contacts and calendar to prevent misuse of data. Synced contacts can come from your email account, your Google account and your mobile phone contacts.
  6. Limit the third-party services that have access to your account. For LinkedIn, you can view a list of authorised services in your preferences and remove the ones you don't want.
  7. Opt out of sharing your data with advertisers or researchers.
  8. Reduce the public visibility of your profile and limit the amount of personal information you share.
  9. On LinkedIn consider restricting visibility of first-level contacts for personal posts.
  10. Use caution when spreading information that could be deemed offensive, potentially false or could be used against you or your organisation.

Each of these steps takes minutes or seconds to carry out but could make a big difference to the security of your account and the protection of your personal and professional data.

How Gallagher can help

In addition to cyber insurance protection, Gallagher offers expertise, advice and resources for building business resilience to withstand cyber security incidents.


[1] Kass, D. Howard. Microsoft Tops List of the Most Impersonated Brand for Phishing Scams in Q2 2023, 19 July 2023

[2] What Is A Brute Force Attack? Fortinet, accessed 7 March 2024

[3] Tayar, Coral. LinkedIn Accounts Under Attack, 14 July 2023

[4] Johnson, Dominique. LinkedIn Data Breach in 2023, 18 September 2023

[5] Aygun, A. The Differences Between Data Scraping and Data Mining, 11 August 2023


Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general information purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient's industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes that only insurance carriers control.

Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organisations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.

Insurance brokerage and related services to be provided by Arthur J. Gallagher & Co (Aus) Limited (ABN 34 005 543 920). Australian Financial Services License (AFSL) No. 238312