How did it happen? Since LinkedIn’s APIs are not accessible to unauthenticated users, it looks like it was a post-login attack that smartly avoided LinkedIn’s security measures.
More specifically, it was quite likely a typical bot-based enumeration attack conducted slowly over a long period, using multiple source IPs (anonymous proxies) and multiple fake user accounts to connect and then mine sensitive user data such as emails, phone numbers, and personal details.
Standard application protection tools such as bot protectors and Web Application Firewalls (WAFs) are not designed for this type of attack. Traditional bot protection tools and services are known to be unable to trace multi-source, low-and-slow bot attacks in real time (the “credential stuffing” pandemic springs to mind). The LinkedIn attack was definitely not detected by the WAF, which is a “stateless” tool, since detecting in-session attacks requires advanced capabilities for tracing user activity at the session and multi-session levels.
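To illustrate the difference between a stateless per-IP check and tracking activity per account over a long window, here is an added example (not from the original post and not Ammune™'s algorithm). The log format, account names, thresholds and function names are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data: (epoch_seconds, source_ip, account, profile_id_requested).
def build_events():
    events = []
    # Three fake accounts, one request every 10 minutes for 5 days,
    # rotating through proxy IPs and walking through profile IDs.
    for a in range(3):
        for i in range(720):
            ts = i * 600 + a * 200
            ip = f"198.51.100.{(i * 3 + a) % 250 + 1}"
            events.append((ts, ip, f"fake{a}", 100000 + a * 720 + i))
    # Ordinary user: 40 profile views from one IP, revisiting 12 profiles.
    for i in range(40):
        events.append((i * 9000, "203.0.113.7", "alice", 500 + i % 12))
    return sorted(events)

def per_ip_rate_limit(events, max_per_minute=30):
    """Stateless-style check: requests per source IP per minute."""
    buckets = defaultdict(int)
    for ts, ip, _, _ in events:
        buckets[(ip, ts // 60)] += 1
    return {ip for (ip, _), n in buckets.items() if n > max_per_minute}

def enumeration_suspects(events, window=7 * 86400, max_distinct=200, max_ips=20):
    """Stateful check: per account, distinct profiles and source IPs
    seen within a long window ending at the newest event."""
    profiles, ips = defaultdict(set), defaultdict(set)
    end = events[-1][0]
    for ts, ip, account, pid in events:
        if end - ts <= window:
            profiles[account].add(pid)
            ips[account].add(ip)
    return {a for a in profiles
            if len(profiles[a]) > max_distinct or len(ips[a]) > max_ips}

if __name__ == "__main__":
    ev = build_events()
    print("per-IP rate limit flags:", per_ip_rate_limit(ev))
    print("per-account window flags:", sorted(enumeration_suspects(ev)))
```

On this sample the per-IP check flags nothing, while the per-account window flags all three fake accounts and leaves the ordinary user alone.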
L7 Defense’s Ammune™ is known for its excellent capabilities that will stop such an attack in real time. Its AI/ML engine applies various models (user, session, etc.) at once through its bot hunting algorithm, which can detect even very low bandwidth bot attacks that can last over a long time period.
Ammune™ is highly efficient in capturing these and other automated attacks aimed at abusing API functionality in different shapes and forms.
We would love to show you the capabilities of Ammune™ in a pilot. Please send an email to email@example.com or simply fill out and submit the contact form at https://www.l7defense.com/contact-us/