Security researchers have identified that a widespread LinkedIn malicious hacking campaign has seen many users locked out of their accounts worldwide.
Some users who have had their access to their LinkedIn accounts blocked by the cybercriminals changing their passwords have been pressured into paying a ransom, according to a report from Cyberint, and threatened with permanent account deletion.
In other instances, LinkedIn users report that they have received notification emails from LinkedIn telling them that their accounts have been temporarily locked due to “unusual activity”. These appear to be a precautionary step from the site, when they see multiple attempts to break into an account, perhaps through the use of brute force password attacks or due to multiple attempts to defeat the two-factor authentication (2FA) protection some users have enabled on accounts.
As the researchers note, victims have turned to social media in their attempts to regain access to their accounts, complaining about a lack of meaningful response from LinkedIn’s support team.
The security problem is clearly not limited to just the LinkedIn users complaining online.
The researchers found that the number of Google searches related to compromised LinkedIn accounts has seen a “significant surge” in the past 90 days. Search terms like “Linkedin account recovery appeal” and “Linkedin account hacked 2023” have been classified as a “breakout”, meaning that searches for the term have grown by over 5000%.
The first some LinkedIn users will have known about the problem is if they received an email from LinkedIn telling them that a new email address had been added to their account from the rambler.ru domain. The new unauthorised user of the account then changes the password on the account, preventing access by the original user.
It appears that the malicious hackers have also been enabling 2FA on breached accounts, something the original owners will probably be kicking themselves for not having turned on beforehand.
What’s clearly very disappointing is that the news of the malicious hacking campaign has come from independent researchers, and not from LinkedIn itself. Despite the many complaints and pleas for help from LinkedIn users who have been locked out of their accounts, the company has made no public statement at the time of writing.
So, what should you do if you’re worried that your LinkedIn account might be the next to be hijacked by cybercriminals?
- Ensure that you have a strong, hard-to-crack, unique password protecting your LinkedIn account.
- Enable two-factor authentication on your LinkedIn account to provide an additional layer of defence if your password has been compromised. LinkedIn appears to offer both app-based 2FA and SMS-based 2FA. My preference is not to use SMS-based 2FA because of the problem of SIM swap attacks, but frankly any 2FA is better than no 2FA at all.
- Check your LinkedIn account’s settings to ensure that it is associated with an email address that you regularly check. After all, you don’t want to miss any legitimate communication from the company telling you that someone else has added their email address to your LinkedIn profile.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire.