THREAT ALERT
Wednesday, August 16th, 2023
While nothing official has been published by LinkedIn at the time of this post, accounts on the platform appear to be coming under attack in some type of hacking campaign of unknown origin. Users are reporting on multiple other outlets that their accounts have been taken over, locked out of their accounts, and having difficulty resetting accounts to regain access
While nothing official has been published by LinkedIn at the time of this post, accounts on the platform appear to be coming under attack in some type of hacking campaign of unknown origin. Users are reporting on multiple other outlets that their accounts have been taken over, locked out of their accounts, and having difficulty resetting accounts to regain access. According to Cyberint, “Many LinkedIn users have been complaining about the account takeovers or lockouts and an inability to resolve the problems through LinkedIn support. Some have even been pressured into paying a ransom to regain control or faced with the permanent deletion of their accounts,” reports Cyberint’s researcher Coral Tayar.
(Imaged obtained from linkedin.com)
Checking LinkedIn’s support page for reporting a compromised account, there is a banner stating, “Due to high support volume, it may take longer than usual to hear back from our Support Agents.”
According to BleepingComputer from an article published on August 15, 2023,
The attackers appear to be using leaked credentials or brute-forcing to attempt to take control of a large number of LinkedIn accounts. For accounts that are appropriately protected by strong passwords and/or two-factor authentication, the multiple takeover attempts resulted in a temporary account lock imposed by the platform as a protection measure. Owners of these accounts are then prompted to verify ownership by providing additional information and also update their passwords before they’re allowed to sign in again. When the hackers successfully take over poorly protected LinkedIn accounts, they quickly swap the associated email address with one from the “rambler.ru” service.
After that, the hijackers change the account password, preventing the original holders from accessing their accounts. Many of the users also reported that the hackers turned on 2FA after hijacking the account, making the account recovery process even more difficult. In some cases observed by Cyberint, the attackers demanded a small ransom to give the accounts back to the original owners or outright deleted the accounts without asking for anything.
LinkedIn accounts can be valuable for social engineering, phishing, and job offer scams that sometimes lead to multi-million dollar cyber-heists. Especially after LinkedIn introduced features that combat fake profiles and inauthentic behavior on the platform, hijacking existing accounts has become much more pragmatic for hackers.
If you maintain a LinkedIn account, now would be a good time to review the security measures you’ve activated, enable 2FA, and switch to a unique and long password.
To reemphasize the recommendations from BleepingComputer, even if you haven’t seen any signs of account compromise or takeover, it is a good idea to be proactive and change your password and review your security settings. If you haven’t already done so, strongly consider implementing 2-factor authentication (2FA) on your account.
SOURCES:
LinkedIn accounts hacked in widespread hijacking campaign
https://www[.]bleepingcomputer[.]com/news/security/linkedin-accounts-hacked-in-widespread-hijacking-campaign/
LinkedIn Accounts Under Attack
https[:]//cyberint[.]com/blog/research/linkedin-accounts-under-attack-how-to-protect-yourself/