2023-08-17
LinkedIn Accounts are Being Hijacked
LinkedIn users are reporting account takeovers. In some cases, the hackers are demanding payment to return control of the accounts and threatening to permanently delete them if payment is not made. Researchers from Cyberint say that the attacks are affecting people around the world and that analysis of Google Trends data indicates “a significant surge [in account takeovers] in the past 90 days.”
Editor's Note
If you care enough about your LinkedIn account to actually pay a ransom to get it back: Maybe you should enable 2FA. There is no indication that these attacks use any new technique. Likely, they are just phishing or guessing credentials.
Johannes Ullrich
The Cyberint writeup doesn’t really point out hacking of LinkedIn. The two scenarios are (1) Temporary Lockout where you are notified someone was trying and failing to log in; and (2) account takeover, where is usually where the password you are using was compromised somewhere else and you didn’t change in on LinkedIn and didn’t turn on two step verification on LinkedIn. (1) is a working security feature, (2) is failure to use a known needed security feature.
John Pescatore
Part of the attack involves not only compromising the password but also changing the email on the account, making recovery options impossible. If you have a LinkedIn account, make sure that you still have access, that contact information is correct (no unexpected email or phone numbers), then go into settings -> Sign in & security and make sure Two-step verification is enabled. Use the authenticator app rather than the SMS options. Also check your active sessions and devices which remember your password. LinkedIn seems to be forcing users to verify email and phone associated with their accounts.
Lee Neely
From the apparent large number of frustrated users, LinkedIn did not create an Incident Response plan for this sort of attack. While they will suffer ‘brand’ damage for a period of time, there really isn’t an alternative for business professionals. At some point LinkedIn will provide additional details of the attack and its lessons learned.
Curtis Dukes
Every application that I use daily offers strong authentication. Even my little community bank turned it on this month. A few even offer Passkeys. They are all user opt-in. Hardly any of them promotes its use. In some it was hard to find. Yet most agree that it is our single most effective, efficient, and essential cybersecurity measure.
William Hugh Murray
Read more in
Cyberint: LinkedIn Accounts Under Attack
Bleeping Computer: LinkedIn accounts hacked in widespread hijacking campaign
Dark Reading: LinkedIn Suffers 'Significant' Wave of Account Hacks
Infosecurity Magazine: Major LinkedIn Account Takeover Campaign Underway