Security Alert

LinkedIn accounts hacked in widespread hijacking campaign


Joseph Morgan


May 16, 2023


Alert Summary

A significant number of LinkedIn accounts are reportedly being hacked or locked out, as highlighted by cybersecurity firm Cyberint. Many users have found themselves unable to reclaim their accounts via LinkedIn’s support channels, with some even facing ransom demands or outright deletions of their accounts by attackers.

Puzzle with cyber robber icons, be careful and unlock. safety And security
A hacker wearing a mask to cover his face is using computer to hack data to get ransom from victims.

Attack Methodology

Attackers are seemingly exploiting leaked credentials or employing brute-force attacks to gain unauthorized access to numerous LinkedIn profiles. For accounts bolstered by robust security measures, including strong passwords and two-factor authentication (2FA), numerous unauthorized access attempts lead to LinkedIn imposing temporary account locks as a security protocol.

However, attackers who successfully infiltrate accounts without such protections swiftly switch the linked email to an address associated with the “” domain. Following this, they modify the account’s password, effectively locking out the legitimate users. In numerous cases, hackers also activated 2FA post-hijack, complicating the account recovery process.

Possible Intent & Motive

While some hijackers demanded ransoms for account return, others deleted profiles without any apparent gain. LinkedIn accounts can be lucrative assets for cybercriminals, aiding in phishing, social engineering, and even high-value cyber-heists. Given LinkedIn’s recent implementation of features deterring fake profiles, attackers find it more efficient to hijack pre-existing accounts.

Here are our recommendations to help protect your accounts

  1. Update Your Passwords Ensure you are using strong and unique passwords for your LinkedIn account. Your password should be at least 12 characters long, containing a mix of upper and lower-case letters, numbers, and symbols. Do not reuse passwords across multiple accounts.

  2. Enable Two-Factor Authentication (2FA) Activate 2FA on your LinkedIn account, adding an extra layer of security. This requires you to provide a second verification step (usually a code sent to your mobile device) in addition to your password.

  3. Review Your Account for Suspicious Activity Regularly check your LinkedIn account for any unusual or unauthorized activity. If you notice any changes that you did not make, such as a new email address or unexpected posts, immediately change your password and contact LinkedIn support.

  4. Beware of Phishing Attempts Be cautious when receiving unsolicited or suspicious emails asking for your LinkedIn credentials or personal information. Verify the authenticity of the request before taking any action.

  5. Keep Software Up-to-Date Ensure your devices’ operating systems, web browsers, and security software are updated with the latest patches. This helps protect against known vulnerabilities that cybercriminals exploit.

Please note that these recommendations are not just applicable to LinkedIn but should also be implemented for all your online accounts.