Targeted Account Hijacking Operation Affects LinkedIn Users

A concerning ongoing Hijacking Operation Affects LinkedIn Users has emerged, specifically targeting users of the LinkedIn platform. Victims of this breach are finding themselves locked out of their accounts, with the compromised profiles held hostage for ransom.

[FREE E-BOOK] The Definite Blueprint for Cybersecurity in Manufacturing

Unveiling the Scheme Behind LinkedIn Account Takeovers

The Cyberint research team has recently detected a notable increase in discussions regarding the takeover of LinkedIn accounts across various social media platforms. A surge in Google Trends reveals a significant uptick in searches such as “LinkedIn account hacked 2023” and “LinkedIn account recovery appeal.” This surge has marked a staggering growth of over 500%.
Researchers think the attackers are either attempting to guess individuals’ passwords or utilizing login credentials stolen from a prior, undisclosed LinkedIn data breach.

Once successful in infiltrating the targeted account, the perpetrators proceed to alter the account’s associated email address to one affiliated with the Russian web service rambler.ru. Additionally, they modify the account’s password to further solidify their control over the compromised profile.

Coral Tayar, a security expert at Cyberint, commented, “By changing the email address, threat actors make it impossible for the victim to restore their account through email, making the account unrecoverable.”

“Some victims have received ransom messages (usually asking for a few tens of dollars) to get back into their accounts, while others have seen their accounts completely deleted.”
However, there’s also the possibility that the assailants aim to exploit these stolen accounts for the purpose of deceiving individuals into providing monetary funds. Alternatively, they might leverage LinkedIn conversations to gather sensitive private information (to sell or use to blackmail users).

“Hacked accounts could be used to spread harmful content, delete years’ worth of contributions, or send hurtful messages to connections, which would do a lot of damage to a person’s image,” noted Tayar. She further added, “A lot of work that users have put into building connections, followers, and reputations over time could be ruined in seconds.”

Individuals who have implemented two-factor authentication for their accounts encounter a temporary lockout. This occurs when numerous unsuccessful login attempts trigger LinkedIn’s security measures, prompting the platform to send an email notification. The email advises users to reset their password, opting for a robust one, enabling them to regain access to their account.

What’s the Recommended Course of Action?

Amidst this situation, users have reported their concerns to LinkedIn support. However, feedback on social media suggests that the company’s assistance has been limited.
On LinkedIn’s Help page, a prominent banner states, “Due to high support demand, it may take longer than usual to hear back from our Support Agents.”

Users are advised to ensure that their LinkedIn password is both unique and robust, possessing sufficient randomness to withstand brute-force and dictionary-based attacks. Additionally, enabling two-factor authentication is strongly recommended as an added layer of security.

“Check your email inbox to see if LinkedIn has sent you a message about adding another email to your account. If you didn’t ask for this email, it’s a big warning sign that you shouldn’t do what it says.” Tayar also said, “Make sure you can still log in to your account, change your password, and remove the new email address from your contact information.”

“We highly suggest that you quickly sign in to your account and confirm that you still have access. Also, make sure all your contact information is real and yours.”