LinkedIn Accounts Hacked & Ransomed

A widespread malicious hacking campaign has seen many LinkedIn users locked out of their accounts worldwide. While LinkedIn has not yet issued an official announcement, it appears that their support response time has lengthened, with reports of a high volume of support requests. 

After the attacks, some victims are pressured to pay a ransom to regain control of their accounts or are threatened with permanent account deletion, according to a report from Cyberint.

In other instances, LinkedIn users report that they have received notification emails from LinkedIn telling them that their accounts have been temporarily locked due to "unusual activity". 

Analysis of Google Trends reveals a significant surge of 5000% in the past 90 days in the volume of searches related to hacked account campaigns on LinkedIn. There has also been a marked increase not just in conversations about hacked accounts on social media, but also in the frequency of searches for LinkedIn support regarding recommended actions when an account is compromised, Cyberint reported.

Some LinkedIn users report that they have received notification emails from LinkedIn telling them that their accounts have been temporarily locked due to "unusual activity". This appears to be a precautionary step by the site when it sees multiple attempts to break into an account, perhaps through brute-force password attacks or repeated attempts to defeat the two-factor authentication (2FA) protection some users have enabled on their accounts.

Victims have turned to social media in their attempts to regain access to their accounts, complaining about a lack of meaningful response from LinkedIn's support team.

The security problem is clearly not limited to just the LinkedIn users complaining online. Researchers found that the number of Google searches related to compromised LinkedIn accounts has seen a "significant surge" in the past 90 days. Search terms like "Linkedin account recovery appeal" and "Linkedin account hacked 2023" have been classified as a "breakout", meaning that searches for the term have grown by over 5000%. 

So, what should you do if you're worried that your LinkedIn account might be the next to be hijacked by cyber criminals? The advice to users is:

  • Ensure that you have a strong, hard-to-crack, unique password protecting your LinkedIn account.
  • Enable 2-factor authentication on your LinkedIn account to provide an additional layer of defence if your password has been compromised. LinkedIn appears to offer both app-based 2FA and SMS-based 2FA. My preference is not to use SMS-based 2FA because of the problem of SIM swap attacks, but frankly any 2FA is better than no 2FA at all.
  • Check your LinkedIn account's settings to ensure that it is associated with an email address that you regularly check - you don't want to miss any legitimate communication from the company telling you that someone else has added their email address to your LinkedIn profile.  

LinkedIn is no stranger to being a target for cybercriminals. In 2022, the platform was called the most abused brand in phishing attempts, likely due to its widespread use in the corporate and education sectors.

In June the North Korean APT Lazarus was spotted using fake LinkedIn profiles to target security researchers in a phishing campaign. In another spear-phishing campaign discovered last July, attackers targeted LinkedIn as part of an effort to take over Facebook Business accounts to run malvertising exploits.

Cyberint: LinkedIn: Tripwire: Dark Reading: HelpNetSecurity: The Hindu: Image: Greg Bulla
