The chance discovery that probably wasn't a coincidence

Open doors in the digital front garden

What a LinkedIn experiment reveals about the state of IT security in Germany

A field report paints an uncomfortable picture of the situation.

There is this myth in IT security: attacks are becoming increasingly sophisticated, complex and technologically advanced. And then there's the reality: sometimes all it takes is a premium account in LinkedIn Sales Navigator, a little patience and a surprising amount of human help.

A LinkedIn security vulnerability that shouldn't be one

During an analysis, I came across a constellation that cannot be described as a classic bug. It is rather a feature with security-related side effects.

Under certain privacy settings, LinkedIn allows paying users to view the email address with which people have registered. And in many cases, this is not the business address, but the private address (often with gmx, web, yahoo, hotmail, gmail and co.).

In other words, exactly the address at which:

  • password resets end up
  • online banking is tied to
  • various accounts converge

In other words: a person's central digital identity.

No exploit. No hack. No darknet access necessary. Just a combination of default settings and a tool that is actually intended for sales.

Why this is highly attractive from an attacker's point of view

Modern cyberattacks rarely start in the corporate network. They start with identities. And what emerges here is an almost perfect OSINT scenario:

  • Verified email address
  • Clear assignment to company and role
  • Context through profile, network and career

This is not "nice to have".
This is ready-curated attack material.

From the LinkedIn profile to the attack chain

The real danger only unfolds through interaction: First, the email address is extracted. This is followed by a comparison with known data leaks, for example via Have I Been Pwned. And suddenly you not only know who the person is, but also where they may have already been compromised.

This is where it becomes operational:

  • Password reuse is tested (credential stuffing)
  • Password patterns are derived
  • Targeted phishing campaigns are prepared

And then comes the decisive change of perspective:

The attack does not take place in the company - but in private life.

Because that's where it happens:

  • rarely MFA
  • hardly any monitoring
  • significantly less skepticism

A well-crafted phishing attack on a CIO's private email often has better chances than any attack on the company network.

Social engineering 2026: "Connecting" instead of "hacking"

Perhaps the most elegant and at the same time most worrying part: many profiles are not initially that open. But they become so... after a contact request. And these are accepted surprisingly often.

Even if there is no personal connection, no message is included and the sender is completely unknown. In practice, this means that an attacker does not even have to access existing data. They can actively "unlock" it. Scalable. Can be automated. Effective.

Thousands of requests out.
Some are accepted.
And suddenly exactly the information that was previously protected is visible.

You are not hacked. You are networked.

We live in a time when it is somehow cool to have as many followers as possible. What we smile at other generations for doing on TikTok and the like, we suddenly find ourselves practising on LinkedIn...

Field test: when theory meets reality

To make the risk more tangible, I contacted 30 IT managers (CIOs, CTOs, CISOs, IT managers and so on). Of course, they were all affected by the issue described above, and all had private email addresses that had demonstrably already been leaked and appeared to be very much in use. (In fact, there were also some exemplary users who used addresses specifically for LinkedIn, for example linkedin@eigenedomain.de.)

The message was deliberately neutral: no sales copy, no pitch, just a reference to a potential vulnerability I found in their accounts. And, of course, just before a public holiday (because we all know when the bad guys like to strike ...)

The reactions read like a brief picture of the state of IT security culture:

  • Two people were interested and wanted details
  • One person blocked me directly
  • Another replied in a friendly manner - and declined with thanks
  • The rest: read, ignored

One statement was particularly noteworthy:

"LinkedIn is a private matter"

This is about as technically sound as: "My front door key has nothing to do with the security of my office." Even though the office transponder may well be sitting in a pocket lying on the kitchen table.

The inconvenient truth: it can also be done properly

To be fair, there were also positive examples. Some profiles were configured correctly:

  • no unnecessary visibility
  • Clear separation of private and business data
  • Explicit email addresses for LinkedIn only

These show: The problem is neither complex nor expensive to solve.

...and then there's the gray area

A third category is particularly critical: profiles that appear secure at first glance, but accept contact requests completely unchecked.

After networking:

→ Access to additional information

This is almost ideal from an attacker's point of view:

  • no more technical protection takes effect
  • Trust is implicitly present
  • Further communication appears legitimate

This is where a configuration issue becomes a real social engineering gateway.

The real problem: we (often) think too technically

Many security strategies focus on networks, systems, tools and so on. And of course, this is also extremely important and we ourselves offer exciting and good solutions for this.

But attackers also focus on:

  • Identities
  • relationships
  • trust

And platforms like LinkedIn are precisely the interface where these two worlds collide.

Cybersecurity does not start in the data center

What this example shows is not an isolated case. It is a structural problem. Companies invest in:

  • Zero Trust architectures
  • SIEM systems
  • endpoint security

And overlook:

  • publicly accessible identity data
  • platform-based attack surfaces
  • human behavior as the primary attack vector

Recommendations for action (concrete and immediately implementable)

For individuals:

  • Set email visibility to "only for me" (screenshot below)
  • Use business address as primary login email (further screenshot below)
  • Separate private and professional identities
  • Activate multi-factor authentication
  • Regular leak check via services such as Have I Been Pwned

For companies:

  • Integrate social media risks into security awareness
  • Define clear guidelines for professional profiles
  • Train identity-based attack scenarios
  • Include OSINT perspective in threat modeling
  • And maybe take a look at our solutions in this area ;)

[Screenshots: LinkedIn settings for email visibility and primary email address]

Our conclusion at RIEDEL Networks

Cybersecurity is no longer just about the data center.

It begins:

  • with identities
  • with configurations
  • with everyday platforms like LinkedIn

And above all:

the willingness to take tips seriously.

Perhaps the most important insight from this experiment is therefore not of a technical nature:

The biggest weakness is rarely the technology.
It is how we deal with it.

Or, to put it more pointedly:

While we are discussing highly complex attack scenarios,
attackers are often satisfied with a much simpler approach:

A contact request - and an open door.


*This article was created with the help of ChatGPT, taking into account current market events. The prompt creation and supervision of the article were carried out by the author, who sees his opinion represented here.

About the author:

Timo Imbrogno is Director Marketing at RIEDEL Networks, certainly not an IT expert, but a nerd at heart who likes to take a look behind the scenes from time to time. He found his first bug at the start of his professional career, when Facebook was still all the rage. Back then, it was in the publishing function of fan pages and custom apps, which were still really (!) popular at the time.

From time to time, his fingers get itchy and he looks at things not just from a marketing perspective, but with his very own view of things. He also likes to use unconventional approaches to clarify his point of view or to make people think. One example of this is the advertising material exchange station at IT-SA 2024.

His contributions deliberately move at the interface between specialist knowledge and humor - and invite you to look at even complex topics from an unusual perspective.

About RIEDEL Networks

RIEDEL Networks is a privately held, global network provider focused on customized networks. We are listed in the Gartner Magic Quadrant for Global WAN Services as a niche provider specializing in mid-sized international enterprises and the media and events sector. With our own global backbone, we help companies to be connected worldwide. Our services include internet connectivity, MPLS, SD-WAN, SASE, Cloud Connect, security and much more. Our customers come from various industries and value quality, security and reliability. RIEDEL Networks is a 100% company of the RIEDEL Communications Group in Wuppertal, Germany, and is fully privately owned by Thomas Riedel.
