Your LinkedIn account may be at risk from cyber criminals

August 30, 2023

The Police Cyber Security Company – the National Management Centre – has added its voice of concern to the ongoing media reports that LinkedIn may be experiencing one of its most significant cyber hacks to date.

Over the past few weeks large numbers of users have reported being locked out of their accounts and many have reported account hijacks and takeovers. The implication is that there is an ongoing campaign by threat actors to obtain and take over a mass number of LinkedIn accounts.

Whilst LinkedIn have not officially confirmed this, cyber analysts have noted that search terms such as ‘LinkedIn account hacked’, ‘LinkedIn account recovery’ and ‘breakout’ rose by up to 5000% in the past week. There has also been a steady rise of complaints on forums across the net with many users citing LinkedIn’s failure to respond to calls for help.

The attackers appear to be attempting to gain control of a large number of LinkedIn accounts by using leaked credentials or brute forcing. While the accounts being targeted do not appear to be connected, the takeover attempts can lead to temporary lockout for account holders – something which many users are currently experiencing. LinkedIn account holders using multi-factor authentication and strong passwords appear to be able to recover their account after a period of time has elapsed.

However, users without these security protections are reporting having lost their accounts altogether. Once they have gained access to the account, the criminals will quickly replace the account's registered e-mail address with one of their own, locking out the legitimate owner permanently. Whilst the motive behind this current campaign is unclear, some users report being asked for a small ransom payment, so there may be a financial motivation.

Pundits have also commented on the fact that fake and hacked LinkedIn accounts are often used to launch credible phishing and malware attacks. In December 2022, over 100 million fake accounts were closed by LinkedIn and Meta, and with this opportunity being removed, it remains a distinct possibility that cybercriminals could be forced to shift towards compromising legitimate accounts.

What should I do if I have a LinkedIn account?

As stated at the top of the article, there is no confirmation from the host company itself that a large-scale campaign is underway, but its silence, along with the surrounding circumstantial information, suggests that now is not the time to do nothing.

If you have a LinkedIn account, now is a good time to review your security settings, enable 2FA, and switch to a unique and long password. Go to your LinkedIn security settings page to find out more.

Secondly, users are encouraged to monitor their inbox for LinkedIn notifications that a new email address has been associated with their LinkedIn account; this is an indicator that a compromise is taking place. Also, if you have been hacked, make sure to report it to LinkedIn and also to Action Fraud (see below).

If you would like further guidance about how you should protect yourself online then simply join the Eastern Cyber Resilience Centre, a police-led company, for free today. We will help you understand the fundamentals of cyber security and what you should be doing today to protect your accounts.

How to report a cyber attack

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

Image credit: Budrul Chukrut / Shutterstock.com