THREAT ALERT

Possible LinkedIn Account Hijacking Campaign

Wednesday, August 16th, 2023

While nothing official has been published by LinkedIn at the time of this post, accounts on the platform appear to be under attack in a hacking campaign of unknown origin. Users are reporting on multiple other outlets that their accounts have been taken over, that they have been locked out of their accounts, and that they are having difficulty resetting their accounts to regain access. “Many LinkedIn users have been complaining about the account takeovers or lockouts and an inability to resolve the problems through LinkedIn support.  Some have even been pressured into paying a ransom to regain control or faced with the permanent deletion of their accounts,” reports Cyberint researcher Coral Tayar.

(Image obtained from linkedin.com)

LinkedIn’s support page for reporting a compromised account displays a banner stating, “Due to high support volume, it may take longer than usual to hear back from our Support Agents.”

According to a BleepingComputer article published on August 15, 2023:

The attackers appear to be using leaked credentials or brute-forcing to attempt to take control of a large number of LinkedIn accounts.  For accounts that are appropriately protected by strong passwords and/or two-factor authentication, the multiple takeover attempts resulted in a temporary account lock imposed by the platform as a protection measure.  Owners of these accounts are then prompted to verify ownership by providing additional information and also update their passwords before they’re allowed to sign in again.  When the hackers successfully take over poorly protected LinkedIn accounts, they quickly swap the associated email address with one from the “rambler.ru” service.

After that, the hijackers change the account password, preventing the original holders from accessing their accounts. Many of the users also reported that the hackers turned on 2FA after hijacking the account, making the account recovery process even more difficult.  In some cases observed by Cyberint, the attackers demanded a small ransom to give the accounts back to the original owners or outright deleted the accounts without asking for anything.

LinkedIn accounts can be valuable for social engineering, phishing, and job offer scams that sometimes lead to multi-million dollar cyber-heists.  Especially after LinkedIn introduced features that combat fake profiles and inauthentic behavior on the platform, hijacking existing accounts has become much more pragmatic for hackers.

If you maintain a LinkedIn account, now would be a good time to review the security measures you’ve activated, enable 2FA, and switch to a unique and long password.

To reemphasize the recommendations from BleepingComputer, even if you haven’t seen any signs of account compromise or takeover, it is a good idea to be proactive and change your password and review your security settings. If you haven’t already done so, strongly consider implementing 2-factor authentication (2FA) on your account.
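
For teams that operate their own account systems, the takeover sequence reported above (primary email swapped to a new domain, then a password change and 2FA enrollment by the intruder) can be expressed as a correlation rule over the account audit log. The Python below is an added example, not code from LinkedIn, BleepingComputer, or Cyberint; the event schema, action names, and 30-minute window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed correlation window; tune per service

# Constructed sample events. The (ts, account, action, detail) schema is hypothetical.
SAMPLE_EVENTS = [
    ("2023-08-15T09:00:01", "alice", "login_failed", ""),
    ("2023-08-15T09:00:02", "alice", "login_failed", ""),
    ("2023-08-15T09:00:09", "alice", "login_success", ""),
    ("2023-08-15T09:01:30", "alice", "email_change", "alice@example.com->x9@rambler.ru"),
    ("2023-08-15T09:02:10", "alice", "password_change", ""),
    ("2023-08-15T09:03:45", "alice", "mfa_enabled", ""),
    ("2023-08-15T10:00:00", "bob", "login_success", ""),
    ("2023-08-15T10:05:00", "bob", "password_change", ""),   # routine hygiene
    ("2023-08-15T10:06:00", "bob", "mfa_enabled", ""),
    ("2023-08-15T11:00:00", "carol", "email_change", "carol@example.com->carol@example.org"),
]

def domain(addr):
    return addr.rsplit("@", 1)[-1].strip().lower()

def detect_takeovers(events, window=WINDOW):
    """Flag accounts whose primary email moves to a new domain and is followed,
    within `window`, by a password change and/or 2FA enrollment."""
    by_account = defaultdict(list)
    for ts, account, action, detail in events:
        by_account[account].append((datetime.fromisoformat(ts), action, detail))
    findings = []
    for account, rows in by_account.items():
        rows.sort(key=lambda r: r[0])
        for when, action, detail in rows:
            if action != "email_change" or "->" not in detail:
                continue
            old, new = detail.split("->", 1)
            if domain(old) == domain(new):
                continue  # same-domain change is not the pattern described
            after = {a for t, a, _ in rows if when < t <= when + window}
            followed = sorted(after & {"password_change", "mfa_enabled"})
            if not followed:
                continue  # email change alone: leave to lower-priority review
            fails = sum(a == "login_failed" and when - window <= t < when
                        for t, a, _ in rows)
            findings.append({"account": account, "new_domain": domain(new),
                             "followed_by": followed, "failed_logins_before": fails,
                             "severity": "high" if len(followed) == 2 else "medium"})
    return findings
```

On the sample data only the first account is flagged; a password change plus 2FA enrollment without an email swap, and an email change with nothing following it, are both left alone.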

SOURCES:

LinkedIn accounts hacked in widespread hijacking campaign

https://www[.]bleepingcomputer[.]com/news/security/linkedin-accounts-hacked-in-widespread-hijacking-campaign/

LinkedIn Accounts Under Attack

https[:]//cyberint[.]com/blog/research/linkedin-accounts-under-attack-how-to-protect-yourself/

James Bruhl

Director of Cyber Threat Intelligence

James Bruhl is the Director of Cyber Threat Intelligence for DefenseStorm. He joined the company with 15 years of experience as a law enforcement officer, bringing extensive experience in crime prevention, evidence collection, investigative techniques, and crisis management. Driven by a passion for technological advancements and the ever-evolving landscape of digital threats, he transitioned to the field of digital forensics, incident response, and cybersecurity. In his role, he honed his skills in analyzing digital evidence, identifying cyber threats, and implementing robust security measures specializing in forensic examinations on various devices to uncover critical information and support investigations. James began at DefenseStorm as a security engineer in 2020 and developed DefenseStorm’s EDR Service. He was then appointed as Director of Cyber Threat Intelligence in 2022 and is responsible for nearly all facets of the EDR service. During his cyber career, James has been instrumental in proactively detecting and responding to cyber incidents and plays a vital role in incident response teams, coordination efforts to mitigate the impact of breaches, vulnerability identification, and strategy implementation to prevent future attacks. He continues to share his expertise by conducting training sessions, participating in conferences, and writing articles on topics related to digital forensics, incident response, and cybersecurity. James holds a bachelor’s in criminal justice from the University of North Georgia and a GCFE certification.