LinkedIn Accounts Hacked & Ransomed

Uploaded on 2023-08-22 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY--Hackers, FREE TO VIEW

A widespread malicious hacking campaign has seen many LinkedIn users locked out of their accounts worldwide. While LinkedIn has not yet issued an official announcement, it appears that their support response time has lengthened, with reports of a high volume of support requests. 

After the attacks, some victims are pressured to pay a ransom to regain control of their accounts or face permanent deletion and threatened with permanent account deletion, according to a report from Cyberint,

In other instances, LinkedIn users report that they have received notification emails from LinkedIn telling them that their accounts have been temporarily locked due to "unusual activity". 

Analysis of Google Trends reveals a significant surge, of 5000%, in the past 90 days in the volume of searches related to hacked account campaigns on LinkedIn. There has also been a marked increase not just in conversations about hacked accounts on social media, but also in the frequency of searches for LinkedIn support regarding recommended actions when an account is compromised, Cyberint reported

Some LinkedIn users report that they have received notification emails from LinkedIn telling them that their accounts have been temporarily locked due to "unusual activity". These appear to be a precautionary step from the site, when they see multiple attempts to break into an account, perhaps through the use of brute force password attacks or due to multiple attempts to defeat the two-factor authentication (2FA) protection some users have enabled on accounts.

Victims have turned to social media in their attempts to regain access to their accounts, complaining about a lack of meaningful response from LinkedIn's support team.

The security problem is clearly not limited to just the LinkedIn users complaining online. Researchers found that the number of Google searches related to compromised LinkedIn accounts has seen a "significant surge" in the past 90 days. Search terms like "Linkedin account recovery appeal" and "Linkedin account hacked 2023" have been classified as a "breakout", meaning that searches for the term have grown by over 5000%. 

So, what should you do if you're worried that your LinkedIn account might be the next to be hijacked by cyber criminals? The advice to users is:

  •  Ensure that you have a strong, hard-to-crack, unique password protecting your LinkedIn account.
  • Enable 2-factor authentication on your LinkedIn account to provide an additional layer of defence if your password has been compromised. LinkedIn appears to offer both app-based 2FA and SMS-based 2FA. My preference is not to use SMS-based 2FA because of the problem of SIM swap attacks, but frankly any 2FA is better than no 2FA at all.
  • Check your LinkedIn account's settings to ensure that it is associated with an email address that you regularly check - you don't want to miss any legitimate communication from the company telling you that someone else has added their email address to your LinkedIn profile.  

LinkedIn is no stranger to being a target for cybercriminals In 2022, the platform was called the most abused brand in phishing attempts, likely due to its widespread use in the corporate and education sectors. 

In June the North Korean APT Lazarus was spotted using fake LinkedIn profiles to target security researchers in a phishing campaign. In another spear-phishing campaign discovered last July, attackers targeted LinkedIn as part of an effort to take over Facebook Business accounts to run malvertising exploits.

Cyberint:       LinkedIn:     Tripwire:    Dark Reading:    HelpNetSecurity:     The Hindu:      Image: Greg Bulla

You Might Also Read: 

Half Of Phishing Emails Target LinkedIn Accounts:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« How AI & VoIP Are Revolutionizing Communications
How To Check Out Suppliers Before You Commit »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Aurec

Aurec

Aurec provides specialist recruitment and contracting services including ICT professionals.

Blueliv

Blueliv

Blueliv is a leading provider of targeted cyber threat information and intelligence. We deliver automated and actionable threat intelligence to protect the enterprise and manage your digital risk.

ProfitBricks

ProfitBricks

ProfitBricks is a secure cloud computing infrastructure-as-a-service (IaaS) solution.

X-act Forensics

X-act Forensics

X-act forensics are computer forensic experts with experience in cases of computer fraud, intellectual property theft, and social networking cases.

bwtech@UMBC

bwtech@UMBC

The bwtech@UMBC Cyber Incubator is an innovative business incubation program that delivers business and technical support to start-up and early-stage cybersecurity/IT products and services companies.

ESNC

ESNC

ESNC’s vulnerability management and real-time SAP security monitoring solutions help largest corporations in the world to effectively prioritize SAP security tasks and secure their business.

DeviceAssure

DeviceAssure

DeviceAssure enables organizations to reliably identify counterfeit and non-standard devices with a real-time check on a device's authenticity.

Salient Law

Salient Law

Salient Law is a virtual law firm that specialises in advising providers and users of technology on contracts involving technology.

Cyber Intelligence 4U

Cyber Intelligence 4U

Cyber Intelligence 4U is an educational services company that provides two levels of cybersecurity training programs: executive and technical.

Soffid

Soffid

Soffid provides full Single-Sign-On experience and full Identity and Access Management features by policy-based centralised orchestration of user identities.

Venustech

Venustech

Venustech is a leading provider of network security products, trusted security management platforms, specialized security services and solutions.

CyberUSA

CyberUSA

CyberUSA is a collaboration of leaders and states focused on a common mission purpose of enabling innovation, education, workforce development, enhanced cyber readiness and resilience.

AdvIntel

AdvIntel

AdvIntel is a next-generation threat prevention and loss prevention company launched by a team of certified investigators, reverse engineers, and security experts.

IT.ie

IT.ie

IT.ie are a comprehensive provider of Managed IT Services, Cloud Solutions, Cyber Security, and proactive IT support services.

ThreatMate

ThreatMate

ThreatMate empowers businesses with comprehensive tools to detect, protect, and remediate against cyber threats.

Andesite

Andesite

Andesite is delivering sustained advantage to cyber defense teams through technology and community.