With a growing reliance on social media comes an increased risk of hacking and data theft. Keeping up to date with the latest threats can be challenging, but it’s important to know what to look out for and how to help keep sensitive data secure.

Author: Johnty Mongan


The vast amount of personal and professional information shared on social media platforms makes them attractive targets for hackers. Falling victim to a cyber-attack can at best be inconvenient and, at worst, lead to significant financial or reputational losses.

Social media threats and techniques continually evolve, reflecting the speed at which the overall cyber landscape is moving. Below are some of the key cybersecurity concerns of today’s social media platforms.

Phishing attacks: LinkedIn and Facebook are among the top ten brands ranked by their appearance in brand phishing attempts1. LinkedIn users are often targeted by phishing attacks, where hackers send deceptive emails or messages pretending to be from LinkedIn. Clicking on a link within the message could lead to a fake login page allowing the attacker to collect usernames and passwords. These types of messages could also appear to come from legitimate employers or trusted connections.

Identity theft: Through phishing or brute-force attacks, hackers can access your personal information, including your name, email address, phone number, and even your employment history. This stolen data can be used to create fake profiles or commit fraudulent activities, such as applying for credit cards or loans in your name.

Account lock-out: Last year, a widespread LinkedIn malicious hacking campaign saw many users locked out of their accounts worldwide, resulting in a significant number losing access to their accounts. Some victims even ended up paying a ransom to regain control of their accounts or risk their permanent deletion. In the analysis of Google trends by Cyberint2, during 90 days in the summer of 2023, search queries such as ‘LinkedIn account hacked 2023’ and ‘LinkedIn account restricted verify identity’ increased by over 5,000%.

Data breaches and data scraping: LinkedIn has experienced several high-profile data breaches in the past, exposing millions of user accounts and personal information. In May 2023, LinkedIn confirmed a data breach that exposed over 800 million LinkedIn users3. However, the company stated that this was not achieved by attackers hacking their servers but through data scraping, where hackers extract data from publicly available information on the platform.

Reputational damage: A hacked LinkedIn account can have severe consequences for your professional reputation. Hackers may use your compromised account to send spam messages or post inappropriate content, damaging your credibility and relationships with your connections. They may also use your account to send phishing messages to your contacts, further spreading the attack and potentially tarnishing your professional image.

How to find out if you have been part of a data breach

  • Check if you have an email from the provider telling you your personal information has been compromised. This may take weeks or months, so be alert to any recently reported data breaches on the news and change your password if you are concerned.
  • Find out if your email address has already been in a data breach. This is easily done at the website Have I Been Pwned. On entering your email address, it will immediately tell you how and when your email address appeared within lists of compromised data.

Simple steps to help protect you and your data on social media

  1. Choose a unique password, ideally 12 characters, including upper and lower case letters, numbers and special characters. Change this password regularly, e.g., every quarter.
  2. Enable 2-Factor Authentication (2FA).
  3. Set your profiles to private and vet anyone who sends a connection request.
  4. Add a phone number to your account for extra security — this can be used to reset your password if you have difficulty logging in.
  5. Avoid syncing from your phone contacts and calendar to prevent misuse of data. Synced contacts can come in your email account, your Google account and your mobile phone contacts.
  6. Limit the third-party services that have access to your account. For LinkedIn, you can view a list of authorised services in your preferences and remove the ones you don’t want.
  7. Opt out of sharing your data with advertisers or researchers.
  8. Reduce the public visibility of your profile and limit the amount of personal information you share.
  9. On LinkedIn, consider restricting visibility of first-level contacts.
  10. Use caution when spreading information that could be deemed offensive, potentially false, or could be used against you or your organisation.

Each of these steps take minutes or seconds to carry out but could make a big difference to the security of your account and the protection of your personal and professional data.

Author Information


1. Kass, D. Howard. Microsoft Tops List of the Most Impersonated Brand for Phishing Scams in Q2 2023 Msspalert.com (19 July 2023)

2. Tayar, Coral. LinkedIn Accounts Under Attack Cyberint.com (14 July 2023)

3. Johnson, Dominique. LinkedIn Data Breach in 2023 Partnersplus.com (18 September 2023)


The sole purpose of this article is to provide guidance on the issues covered. This article is not intended to give legal advice, and, accordingly, it should not be relied upon. It should not be regarded as a comprehensive statement of the law and/or market practice in this area. We make no claims as to the completeness or accuracy of the information contained herein or in the links which were live at the date of publication. You should not act upon (or should refrain from acting upon) information in this publication without first seeking specific legal and/or specialist advice. Arthur J. Gallagher Insurance Brokers Limited accepts no liability for any inaccuracy, omission or mistake in this publication, nor will we be responsible for any loss which may be suffered as a result of any person relying on the information contained herein.