LinkedIn is currently facing a surge of account hacks, leading to numerous accounts being locked out for security reasons or, worse, being hijacked by attackers. According to a recent report by Cyberint, an increasing number of LinkedIn users have voiced their frustrations regarding these account takeovers or lockouts, with little success in finding resolution through LinkedIn support.
Attack Method
According to Cyberint’s researcher Coral Tayar, some individuals have even been coerced into paying a ransom to regain control of their accounts or have faced the permanent deletion of their accounts. Although LinkedIn has not yet made an official announcement, there are indications that their support response time has extended, with numerous reports of a significant influx of support requests.
LinkedIn support has been widely criticized for its lack of assistance in recovering breached accounts. Users have expressed their frustration on various platforms like Reddit, Twitter, and the Microsoft forums, as they continue to face unresponsiveness.
“My account was hacked 6 days ago. Email was changed in the middle of the night and I had no ability to confirm the change or prevent it,” wrote an affected user in a Reddit thread about the hacks.
“No response from them anywhere. It’s pathetic. I tried reporting my hacked account, going through identity verification, and even DMing them on @linkedinhelp on twitter. No responses anywhere. What a joke of a company..”
Huge Surge in Google Trends Related to LinkedIn Account Hack
According to Cyberint, there are indications of a significant surge in Google Trends related to LinkedIn account hack or recovery. The search terms have shown a staggering increase of 5,000% in the past few months. It seems that the attackers are leveraging leaked credentials or using brute force methods to gain control over a large number of LinkedIn accounts.
For accounts that have strong passwords and/or two-factor authentication, the platform has implemented a protective measure of temporarily locking the accounts after multiple takeover attempts. These findings highlight the importance of securing our online presence and taking necessary precautions to safeguard our LinkedIn and other social media accounts.
When the owners of these locked accounts try to access them, they are prompted to verify their ownership by providing additional information and updating their passwords. Once verified, they regain access. However, when hackers successfully infiltrate poorly protected LinkedIn accounts, they promptly replace the associated email address with one from the “rambler.ru” service.
Attention @LinkedIn My LinkedIn account was compromised by the Russian platform https://t.co/6OmfbcQOkZ I've already submitted a recovery request, but it's still pending! If it's so easy to hack accounts, why is LinkedIn shelling out $100k to cyber security specialists #LinkedIn pic.twitter.com/W7CFfd3VIT
— Ahmad Noor Khan (@AHMADNOORKHAN_) August 2, 2023
Subsequently, the hijackers change the account passwords, effectively blocking the original account holders from regaining access. Disturbingly, many users have also reported that the hackers activate two-factor authentication (2FA) after hijacking the accounts, further complicating the account recovery process.
In certain instances observed by Cyberint, the attackers have demanded a small ransom in exchange for returning the accounts to their rightful owners, or even resorted to outright deleting the accounts without any demands.
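The takeover sequence described above (email address replaced, then password changed, then 2FA switched on by the intruder) can be expressed as a detection rule over an identity platform's audit trail. This is an added example, not code from Cyberint or LinkedIn; the event schema, account names and one-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample audit events in a hypothetical schema (not LinkedIn's):
# (account, ISO timestamp, event type, detail)
EVENTS = [
    ("alice", "2023-08-02T02:10:00", "login", "new_device"),
    ("alice", "2023-08-02T02:12:00", "email_changed", "alice@example.com->x1@rambler.ru"),
    ("alice", "2023-08-02T02:13:00", "password_changed", ""),
    ("alice", "2023-08-02T02:15:00", "2fa_enabled", ""),
    ("bob", "2023-08-02T09:00:00", "login", "known_device"),
    ("bob", "2023-08-02T09:05:00", "password_changed", ""),
    ("carol", "2023-08-01T10:00:00", "email_changed", "carol@example.com->carol@example.org"),
    ("carol", "2023-08-05T10:00:00", "password_changed", ""),
    ("carol", "2023-08-05T10:01:00", "2fa_enabled", ""),
]

# Order of changes reported in the hijacked-account cases.
TAKEOVER_SEQUENCE = ("email_changed", "password_changed", "2fa_enabled")
WINDOW = timedelta(hours=1)  # assumed correlation window


def find_takeover_patterns(events, window=WINDOW):
    """Return {account: (start, end)} where the full sequence occurs in order within `window`."""
    by_account = {}
    for account, ts, kind, _detail in events:
        by_account.setdefault(account, []).append((datetime.fromisoformat(ts), kind))

    flagged = {}
    for account, items in by_account.items():
        items.sort()
        step, start = 0, None
        for ts, kind in items:
            if start is not None and ts - start > window:
                step, start = 0, None  # partial sequence went stale; start over
            if kind == TAKEOVER_SEQUENCE[step]:
                if step == 0:
                    start = ts
                step += 1
                if step == len(TAKEOVER_SEQUENCE):
                    flagged[account] = (start, ts)
                    break
    return flagged


if __name__ == "__main__":
    for account, (start, end) in find_takeover_patterns(EVENTS).items():
        print(f"{account}: takeover pattern {start} -> {end}")
```

Only `alice` is flagged: `bob` changed a password without the other steps, and `carol`'s changes are spread over four days, outside the window.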
What Can You Do
LinkedIn accounts have become valuable targets for social engineering, phishing, and job offer scams that can result in significant cyber-heists. With the introduction of features to combat fake profiles and inauthentic behavior, hackers have found it more practical to hijack existing accounts.
If you have a LinkedIn account, now is an opportune time to review your security measures, activate 2FA, and adopt a unique and lengthy password. Safeguarding your account is paramount in today’s digital landscape. LinkedIn is yet to make an official statement regarding the situation at the time of writing this article.