LinkedIn Accounts Hacked & Ransomed

Uploaded on 2023-08-22 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY--Hackers, FREE TO VIEW

A widespread malicious hacking campaign has seen many LinkedIn users locked out of their accounts worldwide. While LinkedIn has not yet issued an official announcement, it appears that their support response time has lengthened, with reports of a high volume of support requests. 

After the attacks, some victims are pressured to pay a ransom to regain control of their accounts or face permanent deletion and threatened with permanent account deletion, according to a report from Cyberint,

In other instances, LinkedIn users report that they have received notification emails from LinkedIn telling them that their accounts have been temporarily locked due to "unusual activity". 

Analysis of Google Trends reveals a significant surge, of 5000%, in the past 90 days in the volume of searches related to hacked account campaigns on LinkedIn. There has also been a marked increase not just in conversations about hacked accounts on social media, but also in the frequency of searches for LinkedIn support regarding recommended actions when an account is compromised, Cyberint reported

Some LinkedIn users report that they have received notification emails from LinkedIn telling them that their accounts have been temporarily locked due to "unusual activity". These appear to be a precautionary step from the site, when they see multiple attempts to break into an account, perhaps through the use of brute force password attacks or due to multiple attempts to defeat the two-factor authentication (2FA) protection some users have enabled on accounts.

Victims have turned to social media in their attempts to regain access to their accounts, complaining about a lack of meaningful response from LinkedIn's support team.

The security problem is clearly not limited to just the LinkedIn users complaining online. Researchers found that the number of Google searches related to compromised LinkedIn accounts has seen a "significant surge" in the past 90 days. Search terms like "Linkedin account recovery appeal" and "Linkedin account hacked 2023" have been classified as a "breakout", meaning that searches for the term have grown by over 5000%. 

So, what should you do if you're worried that your LinkedIn account might be the next to be hijacked by cyber criminals? The advice to users is:

  •  Ensure that you have a strong, hard-to-crack, unique password protecting your LinkedIn account.
  • Enable 2-factor authentication on your LinkedIn account to provide an additional layer of defence if your password has been compromised. LinkedIn appears to offer both app-based 2FA and SMS-based 2FA. My preference is not to use SMS-based 2FA because of the problem of SIM swap attacks, but frankly any 2FA is better than no 2FA at all.
  • Check your LinkedIn account's settings to ensure that it is associated with an email address that you regularly check - you don't want to miss any legitimate communication from the company telling you that someone else has added their email address to your LinkedIn profile.  

LinkedIn is no stranger to being a target for cybercriminals In 2022, the platform was called the most abused brand in phishing attempts, likely due to its widespread use in the corporate and education sectors. 

In June the North Korean APT Lazarus was spotted using fake LinkedIn profiles to target security researchers in a phishing campaign. In another spear-phishing campaign discovered last July, attackers targeted LinkedIn as part of an effort to take over Facebook Business accounts to run malvertising exploits.

Cyberint:       LinkedIn:     Tripwire:    Dark Reading:    HelpNetSecurity:     The Hindu:      Image: Greg Bulla

You Might Also Read: 

Half Of Phishing Emails Target LinkedIn Accounts:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« How AI & VoIP Are Revolutionizing Communications
How To Check Out Suppliers Before You Commit »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NSFOCUS Information Technology

NSFOCUS Information Technology

NSFOCUS is a global service provider and enterprise DDoS mitigation solution provider.

ForeScout Technologies

ForeScout Technologies

ForeScout delivers pervasive network security by allowing organisations to continuously monitor & mitigate security exposures & cyberattacks.

Intland Software

Intland Software

Intland offer an integrated Application Lifecycle Management platform that offers all-round Requirements, Development, and Testing & Quality Assurance functionality.

eco

eco

eco, with more than 950 member organizations, is the largest Internet industry association in Europe.

Institute for Critical Infrastructure Technology (ICIT)

Institute for Critical Infrastructure Technology (ICIT)

ICIT is a leading cybersecurity think tank providing objective research, advisory, and education to legislative, commercial, and public-sector cybersecurity stakeholders.

DTS Solution

DTS Solution

DTS Solution delivers advanced cyber security solutions through is technology partnerships with industry leading security vendors and advanced consulting services.

Global Security Network (GSN)

Global Security Network (GSN)

GSN focuses on specialized IT Security solutions & services for the military, law enforcement, critical infrastructure and oil & gas sectors in the Middle East.

FRSecure

FRSecure

FRSecure is a full-service information security management company that protects sensitive, confidential business information from unauthorized access, disclosure, distribution and destruction.

OCM Business Systems

OCM Business Systems

OCM are experts in the safe, secure and responsible disposal of IT & EPoS assets.

LinkShadow

LinkShadow

LinkShadow is a next-generation cybersecurity solution that provides unparalleled detection of even the most sophisticated threats.

British Security Industry Association - CySPAG

British Security Industry Association - CySPAG

CySPAG is a special interest group within the British Security Industry Association (BSIA) focused on reducing the risk of product related cybercrime.

IntelliGenesis

IntelliGenesis

IntelliGenesis provide comprehensive cyber, data science, analysis, and software development services that provide tailored, secure solutions for your critical data and intelligence needs.

HiScout

HiScout

HiScout is your integrated management system for IT governance, risk & compliance.

Spotit

Spotit

Spotit offers a wide-ranging portfolio of technologies and services, from consultancy, assessments and pentesting to the set up of completely new security and network infrastructures.

Zokyo

Zokyo

Zokyo is a venture studio that builds, secures, and funds legendary web3/crypto businesses.

Vanta

Vanta

Vanta helps companies scale security practices and automate compliance for the industry’s most sought after standards - SOC 2, ISO 27001, HIPAA, GDPR, and other security and privacy frameworks.