An increase in account breaches on LinkedIn is causing numerous user accounts to be either locked due to security concerns or seized by malicious actors.
Numerous LinkedIn users have expressed frustration over account takeovers or lockouts, coupled with an inability to rectify these issues through LinkedIn's support system.
Reports indicate that several individuals have been coerced into paying a ransom to regain control of their accounts or have been confronted with the prospect of their accounts being permanently deleted.
Although an official announcement from LinkedIn is still pending, it seems that their support response time has extended due to reports of a significant influx of support requests.
These complaints have been reported across Reddit, Twitter, and Microsoft forums and it seems that LinkedIn's support has proven unhelpful in the process of recovering compromised accounts. Users have expressed increasing frustration due to the lack of response.
The hackers seem to be utilising leaked credentials or employing brute-force tactics in their mission to commandeer a vast amount of LinkedIn accounts.
In cases where accounts contain robust safeguards like potent passwords and/or two-factor authentication, the repeated takeover endeavours have triggered a temporary account lock as a protective measure implemented by the platform.
Account owners are prompted to confirm their ownership through supplementary information and to enhance their passwords prior to being granted access once more.
Upon taking control of poorly safeguarded LinkedIn accounts, the hackers expeditiously replace the linked email address with one sourced from the "rambler.ru" service.
Subsequently, the hijackers alter the account password, effectively denying the original owners access to their accounts. Numerous users also noted that the hackers activated 2FA (Two-Factor Authentication) after seizing control of the accounts, adding an extra layer of complexity to the account recovery procedure.
It has also been noted that in some cases, the hackers have demanded small ransom amounts in exchange for the accounts to be returned to their original owners or the accounts have been deleted without asking for anything in return.
LinkedIn accounts possess significant value for activities such as social engineering, phishing, and orchestrating job offer scams, which on occasion culminate in cyber-heists amounting to millions of dollars.
Particularly following the implementation of features by LinkedIn aimed at countering fake profiles and fraudulent activities, the act of hijacking existing accounts has become a more viable strategy for hackers.
For those who possess a LinkedIn account, it is advisable to assess your current security settings, activate Two-Factor Authentication (2FA), and consider adopting a distinctive and lengthy password.
