LinkedIn users are being targeted in an ongoing account hijacking campaign, are getting locked out of their accounts; the hacked accounts are held for ransom.
Users discussing their compromised LinkedIn accounts.
Google Trends shows search queries such as “LinkedIn account hacked 2023” or “LinkedIn account recovery appeal” exploding – they grew by over 5000%.
In cases where they successfully access the targeted account, they alter the account’s associated email address to an email address opened with Russian web service rambler.
Owners of accounts protected with two-factor authentication, on the other hand, are only temporarily locked out of their account: the many repeated failed login requests trigger LinkedIn’s defenses, and LinkedIn sends them an email notification telling them to reset their password and to choose a strong one, so they can regain access to their account.
“Verify your email inbox for any messages from LinkedIn indicating the addition of an extra email to your account. If you didn’t initiate this action and find such an email, consider it a significant warning sign. Ensure that you can still log in to your account, change your password, and remove the added email address from your contact details,” Tayar also advised.
