Perilous Times for LinkedIn Users: Malicious Account Takeovers on the Rise

Category: User Security | Industry: Media | Source: Cyberint

LinkedIn accounts are under siege from attackers compromising locking and hijacking accounts. In a report released by Coral Tayar, a security researcher from Cyberint. LinkedIn users worldwide have engaged LinkedIn support in an attempt to reclaim control over compromised accounts. According to Tayar, "a significant number of victims" have lost access to their accounts with others "pressured into paying a ransom to regain control or faced with the permanent deletion of their accounts." Giving evidence of the scale of this campaign, online searches related to LinkedIn support, account breaches, and account recovery have demonstrated a notable surge, as observed through Google Trends data spanning the last 90 days.

Two common scenarios are outlined. The first type is temporary, where a user receives a notification from LinkedIn indicating that their accounts have been temporarily locked due to excessive failed login attempts. This serves as an indicator of suspicious activities, which might entail hackers employing tactics such as credential brute-forcing or facing challenges with bypassing Multi-Factor Authentication (MFA) safeguards. In the second scenario, a full compromise occurs. Following a successful login, the attacker takes control by altering the associated email and password, rendering access completely unavailable to the user. While a financial element involving extortion is evident within the campaign, researchers have yet to determine the precise motive and overarching goal behind this widespread campaign. Nonetheless, LinkedIn users should be mindful of alerts they may receive and take proactive steps to update their account credentials including implementing MFA.