Is Scraping LinkedIn Legal in 2026? (I Was Sued by LinkedIn)

TL;DR

If you're asking is scraping LinkedIn legal in 2026, the narrow answer is: scraping public LinkedIn data is not automatically criminal under the CFAA after hiQ. The useful answer, the one that matters if you run a company, buy data, or build product on top of it, is harsher: legal does not mean safe. LinkedIn can still drag you into a civil lawsuit, use its User Agreement against you, demand your code, your downstream data, your customer list, and a couple years of your life. I know because I was sued by LinkedIn, and Proxycurl and I have since settled.

“Just because it is legal doesn't mean that LinkedIn won't have any recourse. The TOS are a contract and if they can prove damages because Apollo and Seamless violated that contract they may have a claim against them.”

Apollo and Seamless booted from LinkedIn?
by u/Far_Tomorrow7860 in r/sales

📥 Free download: LinkedIn Data Risk Checklist for Founders and Buyers
A practical audit checklist to find LinkedIn-derived data hiding in your vendors, browser tools, databases, model pipelines, and Git history.
Download now →

Factor	Public scraping after hiQ	Buying from a broker	Building on LinkedIn-derived data	Winner
Criminal exposure	⭐⭐⭐⭐☆	⭐⭐⭐⭐☆	⭐⭐⭐⭐☆	Tie
Contract safety	⭐☆☆☆☆	☆☆☆☆☆	☆☆☆☆☆	None
Civil lawsuit risk	⭐⭐☆☆☆	⭐☆☆☆☆	☆☆☆☆☆	Public scraping, narrowly
Business durability	☆☆☆☆☆	☆☆☆☆☆	☆☆☆☆☆	None
Discovery survivability	⭐☆☆☆☆	⭐☆☆☆☆	☆☆☆☆☆	Barely public scraping
Long-term founder sanity	☆☆☆☆☆	☆☆☆☆☆	☆☆☆☆☆	None
Overall score	1.86/5	1.14/5	0.71/5	Do not build here

Why I'm writing this

The day we signed the settlement, I understood something I had spent ~6 years arguing against: there is no version of building on LinkedIn data that is safe. Not scraping, not buying from a broker, not “just enriching.” Not any of it.

I was a named defendant in LinkedIn Corporation v. Nubela Pte. Ltd., Proxycurl LLC, Steven Goh, and Bach Le, filed in the Northern District of California on January 24, 2025, Case No. 3:25-cv-00828. Proxycurl and I have settled the case with LinkedIn. I am not going to relitigate it here, and I'm not going to disclose settlement terms beyond that line.

What I am going to do is tell you what I wish someone had told me in 2019, when I wrote a post titled Is LinkedIn Scraping Legal? on Nubela's blog. That post is still up. I still stand by the narrow CFAA analysis in it. What I no longer stand by is the comforting inference people took from it, namely: “therefore LinkedIn data is safe to build on.” That part was wrong.

And yes, that is a painful sentence to write.

Most founders, RevOps teams, and buyers of B2B data operate on a cartoon version of legal risk. They think the question is binary. Legal or illegal. Fine or not fine. That's not how this works once a real plaintiff with real lawyers shows up.

Legal ≠ Safe

If you only remember one line from this article, make it this one: legal is not the same thing as safe.

When people ask, “is scraping LinkedIn legal,” they usually mean one of four different things and mash them together:

Criminal law: can the state prosecute me?
Civil statutory liability: can a private plaintiff sue me under a statute, like the CFAA under 18 U.S.C. § 1030(g)?
Contract liability: did I breach the User Agreement?
Everything else: unfair competition, misappropriation, trademark, unjust enrichment, the usual kitchen-sink stuff.

The case everyone cites is hiQ Labs v. LinkedIn, 31 F.4th 1180 (9th Cir. 2022). What that case actually gave people was a narrow win on a narrow question: scraping public LinkedIn pages did not cleanly fit the CFAA's “without authorization” theory in that posture.

What it did not hold:

that LinkedIn scraping is generally safe
that contract claims disappear
that California state-law claims disappear
that buying LinkedIn-derived data from someone else saves you
that a cease-and-desist is a joke

This is where I need to eat my own cooking a bit.

My 2019 post literally said: “You'd still have to be compliant with websites' ToS.” It also said: “Deal with public [LinkedIn] profiles only? Ok. Scrape [LinkedIn] profiles with fake logged-in accounts? Not ok.” People remembered the headline. They forgot the caveat. Frankly, I probably underestimated how badly that caveat would matter in the real world.

So if you want the operator answer to is scraping LinkedIn legal in 2026, here it is: public scraping may be outside one narrow CFAA theory, but that does not make your business safe from LinkedIn. Those are different questions, and confusing them is how people end up burning years of their life.

The User Agreement catches everyone

This is the part most people in B2B data have not actually read. They talk about “public data” as if that ends the discussion. It doesn't. The contract is the tripwire.

Almost everyone reading this is bound by it

LinkedIn's complaint says the platform had over one billion members at the time. If you have a LinkedIn account, had one, or your company has a LinkedIn Page, you almost certainly clicked into a contract.

LinkedIn's current User Agreement says, in plain English, that by creating an account or accessing or using the services, you're entering a legally binding contract. This is not subtle. This is not buried in a weird annex. It's up front.

That matters because breach of contract is the cleanest, least romantic claim in the world. No hacking movie soundtrack. No hand-wringing about whether scraping is “theft.” Just: you agreed to this, then you did the thing you said you would not do.

The Agreement does not stop at scraping

Most people know there is a scraping clause. Fewer people know there is a buyer clause.

From LinkedIn's User Agreement, § 8.2(2):

“Develop, support or use software, devices, scripts, robots or any other means or processes (such as crawlers, browser plugins and add-ons or any other technology) to scrape or copy the Services...”

Fine. That's the obvious one.

Now read § 8.2(4):

“Copy, use, display or distribute any information (including content) obtained from the Services, whether directly or through third parties (such as search tools or data aggregators or brokers), without the consent of the content owner...”

That phrase, “whether directly or through third parties ... data aggregators or brokers,” is the line most buyers have never internalized.

If you're a LinkedIn member and you bought a CSV, enrichment feed, or “professional contacts” dataset from a broker, and any of that came from LinkedIn, LinkedIn has a very obvious place to point in its contract. Public or not public does not save you there. “We bought it from a vendor” does not save you there. “The vendor is outside the US” does not save you there.

Then there is § 8.2(11):

“Rent, lease, loan, trade, sell/re-sell or otherwise monetize the Services or related data or access to the same, without LinkedIn's consent.”

And § 8.2(13):

“Use bots or other unauthorized automated methods to access the Services...”

This is not a narrow anti-scraping rule. It's a whole perimeter.

Pages pull companies in too

If your company has a LinkedIn Page, congratulations, the company clicked into this too.

The complaint against us walked through Nubela's and Proxycurl's Pages and pointed out that creating a Page required affirmative agreement to LinkedIn's Pages terms, which incorporate the User Agreement. It also used that contract theory, together with forum-selection language, to pull a Singaporean company and a Wyoming LLC into the Northern District of California.

This is the part people skip because it feels administrative. It isn't. Your company page is not just a marketing asset. It's also a signed piece of paper, functionally speaking.

Deleting your account does not save you

This one tends to stop people cold.

Section 5 of LinkedIn's User Agreement contains a survival clause. It says the following survive termination: Sections 4, 6, 7, and 8.2.

Section 8.2 is the whole “Dos and Don'ts” machinery. Scraping, copying, third-party broker use, resale, bots. All of it.

And Section 6, the governing law and dispute machinery, survives too.

Translation: you do not get to click “close account” and magically un-sign the contract you already signed. If you were bound, the restrictions that matter here can keep traveling with you.

The practical consequence

If you are, or ever were, a LinkedIn member or Page admin, and you buy, use, resell, or build on LinkedIn-derived data, LinkedIn has a plausible contract story against you.

Notice I said plausible. I'm being precise here.

Whether they sue is their business decision. Whether they can build a complaint around it is a different question. And after being the person on the receiving end, I no longer think founders should comfort themselves with the second question.

“I got logged out of my account and LinkedIn gave me a warning that they detected automation software and I could get banned if it continues. It’s annoying because I wasn’t automating anything but I did delete the Apollo extension asap.”

With the Linkedin crackdown on Apollo, Seamless etc.,what tools do ...
by u/FreshPrince2308 in r/sales

What the complaint actually said

Abstract legal debates are cute right up until you read a real complaint with your own name in it.

Six claims, stacked

LinkedIn's complaint against us stacked six claims:

Breach of contract
Fraud and deceit under California Civil Code §§ 1572 and 1710
Computer Fraud and Abuse Act
California Unfair Competition Law under Bus. & Prof. Code § 17200
Trademark dilution by tarnishment under the Lanham Act
Misappropriation

This matters because even if you think half of that is bullshit, you still have the other half. Federal litigation does not need every claim to be a winner in order to wreck your year.

They used my own blog post against me

This was the most humbling part for me personally.

LinkedIn quoted my own 2019 blog post as an admission against interest. Not a competitor's rant. Not some internal Slack leak. My own published writing.

From Complaint ¶60:

“Defendants caution that 'lines are blurred should you choose to scrape another's website, without their explicit permission or in disregard of their Terms of Service (ToS). This is where things become a little tricky. Freely extracting data from another site could be argued as trespassing or theft.'”

From ¶61:

“Defendants are aware that 'very clear evidence' that scraping is unlawful is 'creation of fake accounts to access otherwise-inaccessible users' data.'”

And again from ¶61:

“Defendants aptly summed it up: 'Clearly fraudulent activities are a big no-no in web scraping.'”

I wrote those lines to be responsible and nuanced. LinkedIn used them to show that I knew the terrain was dangerous.

That's not LinkedIn being sneaky. That's just litigation.

If you run a data company and publicly write about the legal edges of your business, assume every sentence might one day get printed, highlighted, and handed to a judge. Because it might.

The prayer for relief is the scary part

The complaint's prayer for relief is the part founders should read twice.

Complaint ¶121 asked for:

“An order requiring Defendants to destroy all documents, data, and other items, electronic or otherwise, in their possession, custody, or control, that were wrongfully extracted and copied from LinkedIn's website, along with any data that Defendants have inferred, aggregated, or synthesized as a result of data wrongfully extracted and copied from LinkedIn's website...”

Then ¶122:

“An order requiring Defendants to destroy all software code and other instrumentalities for scraping LinkedIn's platform...”

Then ¶123:

“An order requiring Defendants to notify all customers that purchased or otherwise acquired access to scraped data from LinkedIn of any decision or award against Defendants..."

Read ¶121 again. “Inferred, aggregated, or synthesized.”

That is not just “delete the raw rows.” That reaches downstream derivatives. If your model weights were trained on LinkedIn-derived features, good luck explaining why those weights are spiritually different. If your product dashboards, scores, or enrichment layers were built on top of disputed data, they're in the blast radius too.

This is where people who say “we don't scrape, we just enrich” are kidding themselves.

Discovery is the punishment

The complaint is the visible part. Discovery is where your life gets expensive.

Six claims means six fishing lines

Every claim opens a different line of attack.

Breach of contract? They want evidence you agreed, knew, and breached.

CFAA? They want to talk about authorization, account use, access patterns, infrastructure, proxies, browser flows.

Trademark? They want marketing materials, website copy, extension screenshots, sales collateral.

UCL and misappropriation? Enjoy the broad sweep.

One lawsuit can become six parallel excavations into how your company actually works.

Everything gets opened up

If you have never been close to discovery, here's the operator version.

It means, potentially:

every email matching terms like linkedin, scrape, extension, proxy, captcha, sales nav
every Slack thread where someone made a cute joke about “borrowing” data
every Git commit touching scrapers, browser automation, parsers, login flows, anti-detection workarounds
every Jira ticket and CI log
every database schema that ever stored a LinkedIn URL, member ID, or copied profile field
every vendor deal with proxy providers, browser farms, CAPTCHA solvers, data brokers
every customer contract tied to those outputs
every old bucket or backup you forgot existed

This is why I say legal is not the same as safe. You can have a debate-worthy legal theory and still be completely, utterly unsafe as a business.

The asymmetry is the point

LinkedIn's complaint was signed by Munger, Tolles & Olson.

That matters.

There is an economic asymmetry baked into this system. A company like LinkedIn can spend millions on litigation and keep functioning. A bootstrapped or venture-backed data company can be legally interesting and economically dead at the same time.

Settlement is often not some moral confession. Sometimes it is just arithmetic.

That was true in my world too. I am not going to pretend otherwise.

Why buyers should care too

If you buy LinkedIn-derived data from a vendor and LinkedIn sues the vendor, you do not get to stay magically offstage.

You can get subpoenaed.

Your procurement emails get read. Your Slack messages get read. Your “do we know where this really comes from?” messages get read. Your diligence process, or lack of one, gets exposed.

The buyer fantasy is that the vendor is the shield. In reality, the vendor is often just the first domino.

“You will get banned, all your accounts, if you continue to bypass, there will be threat of legal action. it’s not sustainable buisness model.”

Linked In Scraping legal Situation?
by u/Jaded_Marionberry771 in r/n8n

Apollo and Seamless were the warning shot

My case was not the beginning of enforcement. It was one rung on a ladder.

Public reporting from MarTech said that sometime around March 6, 2025, Apollo.io and Seamless.ai disappeared from LinkedIn. LeadGenius and LiGo both wrote about the removals as part of a broader crackdown on scraping and extension-based data extraction.

The important part is not whether every outsider interpretation of motive is perfect. The important part is that LinkedIn removed official Company Pages without filing a public lawsuit first.

That tells you a lot.

There is a graduated enforcement ladder here:

account restrictions
automation warnings
Page removals
cease-and-desist letters
federal complaint

The ladder is real because we have seen multiple rungs in the wild.

And once you understand that ladder, the question is scraping LinkedIn legal in 2026 starts sounding childish. Sorry, but it does. The adult question is: what can LinkedIn do to me, contractually and operationally, before I ever get a chance to win an argument on the merits?

That answer is: quite a lot.

“Apollo & Seamless had their entire company pages deleted from Linkedin yesterday for violating their terms of service by scraping data”

With the Linkedin crackdown on Apollo, Seamless etc.,what tools do ...
by u/FreshPrince2308 in r/sales

And if you want the market's blunt version, here's one from X:

LinkedIn has no official MCP server. While clever, this is a browser scraper using your credentials, one LinkedIn policy change from breaking, and one ToS violation from getting your account banned. Cool hack. Risky business tool.
— Mister Lee (@MisterLeeHODL) Sun Apr 12 23:12:03 +0000 2026

I think that post is basically right.

Cool hack. Risky business tool.

The only safe path is data without LinkedIn

This is the point where I stopped arguing the other side.

If you are building, using, or scaling with B2B data, the only durable path I trust now is: use data that does not have LinkedIn as a source.

Not “mostly not.” Not “not directly.” Not “we only use it for enrichment.”

Not at all.

What no LinkedIn data actually means

This standard is stricter than most founders want to hear.

It means:

no LinkedIn-sourced rows in production, staging, dev, or notebooks
no LinkedIn URLs, member IDs, or copied profile fields in code paths
no LinkedIn content in training data, prompt corpora, eval sets, or fine-tuning runs
no browser extensions touching linkedin.com
no vendor whose vendor touched LinkedIn
no old Git blobs with scraper code “but we deleted that months ago”
no archived backups you are hoping nobody asks about

Because here's the problem: once the bell has been rung, you do not get to unring it.

If your model has seen the data, the provenance problem is now inside the model. If your customer-facing product is downstream of it, the problem moved downstream with it.

This is exactly why a clean-room posture is so much cheaper than a litigated cleanup.

Why I'm building NinjaPear this way

I am building NinjaPear with a zero-LinkedIn-data posture. Not as a marketing gimmick. As a survival rule.

NinjaPear is a B2B company intelligence platform, and the whole point is that it is built on other lawful, durable, public-web and first-party style signals, not on LinkedIn. If I mention products here, it is only because they reflect that posture: the Customer Listing API maps customer and partner relationships from the public web, and the NinjaPear docs are explicit about data ownership and ethical sourcing.

I'm not interested in clever workarounds anymore.

I did the clever phase already.

Now I care about whether a company can still exist in 10 years.

And for me, after being sued, the answer is straightforward: if LinkedIn data touched the building, the company has a timer on it.

One more thing, because people always ask this after I explain the posture.

Neither NinjaPear nor I maintain a LinkedIn profile now. No member account. No Company Page. No Showcase Page. Nothing.

The reason is not that we want to scrape LinkedIn. We do not. The reason is simpler: the User Agreement is broad enough, and survives long enough, that the only exposure level I trust is zero.

Some people will call that excessive. Fine.

After living through a real complaint, “excessive” is the first level of caution I actually believe.

My actual answer

So, is scraping LinkedIn legal in 2026?

My answer is this:

Narrow legal answer: scraping public LinkedIn pages is not automatically criminal under the CFAA after hiQ.
Real founder answer: no version of building on LinkedIn data is safe.
Buyer answer: buying it from a broker does not magically clean the provenance.
Operator answer: the User Agreement is the trap, discovery is the punishment, and the business risk is bigger than the headline legal question.

If you are already using LinkedIn-derived data, assume LinkedIn's lawyers walk into your office tomorrow and subpoena everything.

Ask yourself four ugly questions:

Can you prove where every row came from?
Can you state under oath whether your models saw LinkedIn-derived data?
Can you notify every affected customer if forced to?
Can your runway survive discovery?

If those questions make your stomach tighten, that is your answer.

This article is not legal advice. Talk to your own counsel for your own situation. But from one operator to another, I can tell you this much with more conviction than I had in 2019: do not build your company on LinkedIn data.

If you need a practical next step, audit your stack this week. Vendors, extensions, CRM fields, model inputs, old buckets, Git history, all of it. Start with the checklist below.

📥 Free download: LinkedIn Data Risk Checklist for Founders and Buyers
Use it to audit browser extensions, vendor provenance, database fields, training data, backups, and customer exposure before somebody else does it for you.
Download now →

If you're building a data product from scratch, start with sources that do not route through LinkedIn at all. That is the only posture I trust now. It is the posture I'm building with NinjaPear, and it is the one I would recommend to any founder I actually like.

References

Nubela, Is LinkedIn Scraping Legal? https://nubela.co/blog/is-linkedin-scraping-legal/
hiQ Labs, Inc. v. LinkedIn Corp., 31 F.4th 1180 (9th Cir. 2022).
LinkedIn Corporation v. Nubela Pte. Ltd., Proxycurl LLC, Steven Goh, and Bach Le, Case No. 3:25-cv-00828, Complaint (N.D. Cal. Jan. 24, 2025). Matter subsequently settled.
LinkedIn User Agreement, effective Nov. 20, 2024. https://www.linkedin.com/legal/user-agreement
LeadGenius, LinkedIn’s Crackdown on Data Scrapers: Why Apollo.io and Seamless.ai Were Targeted, and Who’s Next? https://www.leadgenius.com/resources/linkedins-crackdown-on-data-scrapers-why-apollo-io-and-seamless-ai-were-targeted--and-whos-next
LiGo, LinkedIn Bans Apollo & Seamless: Major Data Scraping Crackdown https://ligosocial.com/blog/linkedins-major-crackdown-on-data-scraping-apollo-and-seamless-company-pages-gone
18 U.S.C. § 1030. https://www.law.cornell.edu/uscode/text/18/1030