There’s an ongoing hacking campaign targeting LinkedIn accounts, with a growing number of users reporting that their accounts have been hacked, cyber intelligence company Cyberint revealed on Monday, Aug. 14.
“This campaign is currently affecting individuals worldwide, resulting in a significant number of victims losing access to their accounts. Some have even been pressured into paying a ransom to regain control or faced with the permanent deletion of their accounts,” Cyberint said.
“While LinkedIn has not yet issued an official announcement, it appears that their support response time has lengthened, with reports of a high volume of support requests,” the blog post revealed.
Several LinkedIn users have taken to social media platforms like Reddit to complain and seek assistance from others. Hacked LinkedIn accounts could be used for social engineering campaigns and other ill-intentioned activities that may smear the reputations of individuals and organizations.
Currently, the identities of the threat actors behind this campaign are unknown.
How LinkedIn Accounts are Breached
According to Cyberint, the attackers may be using brute force or capitalizing on stolen credentials from a LinkedIn breach to take over accounts.
LinkedIn users who have two-factor authentication enabled have received emails from LinkedIn informing them of suspicious activity and of a temporary lock on their accounts, prompting them to verify their accounts and change their passwords.
However, LinkedIn users without two-factor authentication have found their accounts hacked. The threat actors change the email and password associated with the account, making it impossible for victims to regain control.
“Some victims have received ransom messages (typically requesting a few tens of dollars) to regain access, while others have witnessed their accounts being deleted outright,” Cyberint said.
Cybercriminals often target LinkedIn. In February, LinkedIn’s vice president told the Financial Times that LinkedIn job scams were becoming more sophisticated. And in 2022, cybersecurity firm Check Point said LinkedIn was the number one brand impersonated in phishing scams.
Securing Your LinkedIn Account
To protect your LinkedIn account from being hacked, Cyberint recommends:
- Activating two-step verification for an added layer of protection.
- Using a unique and lengthy password on LinkedIn.
- Checking your emails for notifications from LinkedIn indicating the addition of an unfamiliar email address.
We urge LinkedIn users to follow these recommendations. Read our guide to optimizing your LinkedIn privacy settings for more information about how to secure your account.
