“Some have even been pressured into paying a ransom to regain control or faced with the permanent deletion of their accounts. While LinkedIn has not yet issued an official announcement, it appears that their support response time has lengthened, with reports of a high volume of support requests.” Cyberint’s researcher Coral Tayar said.
Several LinkedIn users have shared their complaints on multiple platforms including Reddit, Twitter and Microsoft forums. These users noted that LinkedIn support has not helped with recovering the breached accounts. The users also expressed their frustration caused due to lack of response from LinkedIn support.
How LinkedIn users were affected
“My account was hacked 6 days ago. Email was changed in the middle of the night and I had no ability to confirm the change or prevent it. No response from them anywhere. It’s pathetic. I tried reporting my hacked account, going through identity verification, and even DMing them on @linkedinhelp on Twitter. No responses anywhere. What a joke of a company..” an affected user wrote on Reddit.
The report also mentioned that search terms about LinkedIn account hacks or recovery records on Google Trends have increased by 5,000% over the past few months.
How hackers are attacking LinkedIn accounts
As per the report, the attackers are using leaked credentials or brute-forcing their way to take control of a huge number of LinkedIn accounts. Hackers were unable to take over some accounts as they were properly protected by strong passwords and/or two-factor authentication.
For such accounts, the multiple takeover attempts resulted in a temporary account lock which was imposed by the platform as a safety measure. LinkedIn asked the owners of these accounts to verify ownership by providing additional information. The job searching platform also asked affected users to update their passwords before they’re allowed to sign in again.
Meanwhile, for the LinkedIn accounts that were poorly protected, hackers were able to successfully take over them. After getting control over these accounts, the hackers quickly swapped the associated email address with one from the “rambler.ru” service.
After this, the attackers changed the account password and prevented the original owners from accessing their accounts. Some users also reported that the hackers turned on 2FA after hijacking the account. This made the account recovery process for these users even more difficult.
In some cases, the attackers also demanded a small ransom to give the accounts back to the original owners. Meanwhile, the hackers deleted some of the accounts without asking the original owners.