LinkedIn Accounts Hacked in Widespread Hijacking Campaign

Cyber Security Threat Summary:
Linkedin is facing a surge of account breaches, leading to numerous accounts being either locked for security concerns or seized by malicious actors. According to a recent report from Cyberint, numerous LinkedIn users have expressed frustration over compromised accounts or access issues, with attempts to address these problems through LinkedIn support. Although, LinkedIn’s support response time has lengthened, no official statement has been made yet.

“From complaints seen by BleepingComputer on Reddit, Twitter, and the Microsoft forums, LinkedIn support has not been helpful in recovering the breached accounts, with users just getting frustrated by the lack of response. "My account was hacked 6 days ago. Email was changed in the middle of the night and I had no ability to confirm the change or prevent it," wrote an affected user in Reddit thread about the hacks. "No response from them anywhere. It's pathetic. I tried reporting my hacked account, going through identity verification, and even DMing them on @linkedinhelp on twitter. No responses anywhere. What a joke of a company.." Cyberint says there are also signs of a breakout reflected in Google Trends, where search terms about LinkedIn account hack or recovery record an increase of 5,000% over the past few months” (BleepingComputer, 2023).

The threat actors behind the attacks seem to be employing leaked login information or using brute-force methods to try and seize control of a considerable quantity of LinkedIn accounts. For accounts that have sufficient safeguards, like robust passwords and two factor authentication, the repeated takeover efforts triggered a temporary account lock as a safely precaution enforced by the platform. In such cases, account owners are then required to confirm their ownership by supplying extra details and are also prompted to change their passwords prior to being permitted to log in once more.

Security Officer Comments:
Once hackers take over vulnerable LinkedIn accounts, often changing the associated email address to one from rambler[.]ru after taking control. They then alter the password, preventing original users from accessing their accounts. These attackers sometimes activate 2FA, complicating the recovery process. Cyberint observed instances where hackers demanded a random for deleted accounts. LinkedIn accounts are valuable for various scams, including social engineering and job offer fraud, which can lead to substantial cyber-heists.

Suggested Correction(s):
Check Account Access: We strongly advise you to log into your account and confirm your continued access promptly. Also, make sure all your contact information is genuine and is yours. If you find yourself locked out and unable to recover using your email, reach out to LinkedIn support immediately.

Check if your email: Verify your email inbox for any messages from LinkedIn indicating the addition of an extra email to your account. If you didn’t initiate this action and find such an email, consider it a significant warning sign. Ensure that you can still log in to your account, change your password, and remove the added email address from your contact details.

Password Security: Employ a strong and lengthy password unique to your LinkedIn account, avoiding password reuse across platforms.

Two-Step Verification: Enabling the two-step verification feature for your LinkedIn account is highly recommended. This measure enhances security for LinkedIn and all platforms offering this option.