LinkedIn faces surge of account hijacking
Accounts with weak passwords are being taken over, with users locked out
Hackers take over accounts with weak security, change the email to a rambler.ru address, reset the password and enable 2FA to lock out the genuine account holder.
LinkedIn is experiencing a surge of account hacks and takeovers.
Users are reporting being locked out of their accounts and having their accounts hijacked. Some users have said they've received ransom demands for renewed access, while others have had accounts deleted entirely.
According to security vendor Cyberint, Google Trends shows searches for terms such as "LinkedIn account hack" and "breakout" spiking by up to 5000% over the past 30 days.
LinkedIn's customer support is also reported to be experiencing delays, which may indicate a high volume of requests. Some users say LinkedIn support has been unresponsive or unhelpful in recovering their accounts.
The wave of attacks seems to have been ongoing for several weeks, and appears to involve the use of leaked credentials and the brute forcing of passwords.
LinkedIn has implemented increased authentication checks for accounts, asking users to verify their accounts with a verification code or temporarily locking accounts after multiple unsuccessful login attempts, forcing users to re-verify themselves.
Accounts with strong passwords or two-factor authentication (2FA) enabled seem less affected, but poorly secured accounts are vulnerable to brute force techniques. According to the Cyberint researchers, having cracked a login, the hackers quickly change the email to a rambler.ru address, reset the password, and enable two-factor authentication, locking out the real account holder.
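The sequence the researchers describe (a successful login after repeated failures, then an email change, password reset and 2FA enrolment in quick succession) can be detected from an account audit log. The following is an added example, not code from Cyberint or LinkedIn; the event names, log layout, thresholds and sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample audit log (hypothetical schema): (timestamp, account, action, detail)
EVENTS = [
    ("2023-08-14T09:00:01", "alice", "login_failed", ""),
    ("2023-08-14T09:00:03", "alice", "login_failed", ""),
    ("2023-08-14T09:00:05", "alice", "login_failed", ""),
    ("2023-08-14T09:00:09", "alice", "login_ok", ""),
    ("2023-08-14T09:01:30", "alice", "email_changed", "new-owner@rambler.ru"),
    ("2023-08-14T09:02:10", "alice", "password_reset", ""),
    ("2023-08-14T09:03:45", "alice", "mfa_enrolled", ""),
    # Legitimate user hardening their own account: no failed logins, no email change
    ("2023-08-14T10:00:00", "bob", "login_ok", ""),
    ("2023-08-14T10:01:00", "bob", "password_reset", ""),
    ("2023-08-14T10:02:00", "bob", "mfa_enrolled", ""),
    # Guessing succeeded but the follow-up steps never completed inside the window
    ("2023-08-14T11:00:01", "carol", "login_failed", ""),
    ("2023-08-14T11:00:02", "carol", "login_failed", ""),
    ("2023-08-14T11:00:03", "carol", "login_failed", ""),
    ("2023-08-14T11:00:04", "carol", "login_ok", ""),
    ("2023-08-16T08:00:00", "carol", "email_changed", "carol@example.org"),
]

LOCKOUT_STEPS = ("email_changed", "password_reset", "mfa_enrolled")

def detect_lockout_sequences(events, window=timedelta(minutes=30), min_failures=3):
    """Flag accounts where a login that follows repeated failures is succeeded,
    in order and within `window`, by email change, password reset and 2FA enrolment."""
    per_account, alerts = {}, []
    for ts, account, action, detail in sorted(events):
        per_account.setdefault(account, []).append((datetime.fromisoformat(ts), action, detail))
    for account, rows in per_account.items():
        failures = 0
        for i, (login_ts, action, _) in enumerate(rows):
            failures += action == "login_failed"  # count failures since the last good login
            if action != "login_ok":
                continue
            guessed, failures = failures >= min_failures, 0
            step, new_email = 0, None
            for ts, later_action, detail in rows[i + 1:]:
                if not guessed or ts - login_ts > window:
                    break
                if later_action == LOCKOUT_STEPS[step]:
                    new_email = detail or new_email  # only email_changed carries a detail
                    step += 1
                    if step == len(LOCKOUT_STEPS):
                        alerts.append({"account": account, "new_email": new_email})
                        break
    return alerts
```

Matching on the ordered sequence rather than on the rambler.ru domain keeps the rule useful if the attackers switch mail providers.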
The hackers' motives remain unclear. However, hijacked accounts can be used for social engineering and phishing activities to launch further attacks on organisations, or for initiating scams through identity theft.
Since LinkedIn stepped up its efforts to crack down on fake accounts, hijacking genuine ones has become a more practical route for cyber criminals.
To lower the risks of account credentials being hacked by brute force, users are advised to strengthen passwords and enable two-factor authentication.
So far, LinkedIn has not issued an official announcement or offered an explanation of the situation.
As a rich source of personal information, LinkedIn is a favourite target for hackers. In 2021 the details of half a billion users were offered for sale online.
In July, LinkedIn owner Microsoft warned of a surge in credential attack activity by Russian state-linked actors, including APT29, also known as Cozy Bear.