Malicious actors are hacking LinkedIn accounts using compromised credentials or brute-force attacks that target weaker passwords.
For accounts that are protected by strong passwords and multi-factor authentication (“MFA”), these attempts will result in a temporary account lockout that can be resolved by providing additional information and changing your password. For less protected accounts, or for accounts accessed via compromised credentials, the impacts include:
- A change made to your account email address, locking you out of your account
- New email addresses appearing with a “rambler.ru” domain name
- A password change, along with MFA being enabled by the attacker, making it more difficult to recover your account
- Attackers charging a ransom to return accounts, deleting accounts, or using accounts for social engineering attacks
What you can do:
- Make sure that you are using unique passwords or passphrases on all of your accounts, and never reuse passwords/passphrases. For more information on creating strong passwords, visit NYU’s Safe Computing site.
- Activate multi-factor authentication on your LinkedIn account (and all of your other accounts) for added protection. This added layer of authentication makes it difficult for attackers with stolen credentials to succeed.
For more information:
- Bleeping Computer, LinkedIn accounts hacked in widespread hijacking campaign
- KnowBe4 blog, Cybercriminals May Already Have Hacked Your LinkedIn Account