LinkedIn Profiles Compromised in Broad Takeover Effort
LinkedIn Profiles Compromised in Broad Takeover Effort

Image: Souvik Banerjee (unsplash)

LinkedIn is experiencing a surge of account breaches, leading to numerous users either being temporarily locked out due to security precautions or having their profiles completely taken over by unauthorized individuals.

Based on information from Cyberint, numerous LinkedIn members have expressed their frustrations about unauthorized account access and lockouts, combined with their difficulties in obtaining assistance from LinkedIn’s customer service.

Some individuals, as per Cyberint’s researcher Coral Tayar’s observations, faced demands for ransoms to regain control over their accounts, while others faced threats of permanent account deletion.

Although LinkedIn hasn’t officially commented on the situation, there seems to be a noticeable delay in their customer service response time, indicating that they may be overwhelmed by a higher-than-normal number of requests for assistance.

Online platforms such as Reddit, Twitter, and Microsoft forums reveal grievances from affected LinkedIn users, with many stating that the platform’s support team has been insufficient in assisting them to retrieve their accounts. One individual on Reddit described an incident where their email linked to LinkedIn was altered without their permission and they had no recourse to stop the changes. They elaborated on their failed attempts to reach out to LinkedIn, stating their disappointment in the platform’s customer service.

According to Cyberint, there’s a growing online trend surrounding this issue, as demonstrated by Google Trends data. Searches pertaining to LinkedIn account breaches or recovery have surged by 5,000% in recent months.

The culprits behind these unauthorized access attempts are believed to be leveraging exposed login details or utilizing brute-force methods to gain access to a vast number of LinkedIn profiles.

For those accounts safeguarded with robust passwords or two-factor authentication, the numerous unauthorized access attempts triggered an automatic temporary account lock, a feature implemented by LinkedIn. Account holders affected by this have to subsequently verify their identity and update their passwords before gaining access again.

In scenarios where unauthorized individuals successfully access LinkedIn accounts with weaker security measures, they swiftly substitute the linked email address with another from an unrelated email service provider. Following this, they modify the account’s password, restricting the original users from reclaiming their accounts. It has been noted that in several cases, these unauthorized users enable 2FA post-takeover, complicating the account recovery process.

Based on Cyberint’s investigations, some of these unauthorized users have even demanded money in exchange for account access, while others simply deleted the accounts without making any demands.

Given their potential utility in social engineering, phishing, and employment scams, LinkedIn profiles are highly prized, particularly in the backdrop of recent platform enhancements to deter false profiles and inauthentic activities. Hence, compromising active, legitimate accounts has become a strategic move for cybercriminals.

For those with LinkedIn profiles, it is advised to revisit security protocols, activate two-factor authentication, and use a strong, unique password.

BleepingComputer reached out to LinkedIn for their take on the reported issues but had not received a comment as of the time of reporting.