New Hacking Attack Targeting LinkedIn Accounts Worldwide

An ongoing campaign has resulted in the compromise of multiple LinkedIn accounts. However, the motive behind this campaign remains unclear at this time.

Numerous users have reported instances of their LinkedIn accounts being temporarily locked, hacked, or permanently deleted.

LinkedIn account compromise issue discussed on Social network (Source: Cybrint)

In certain cases, there were also ransom payments requested by threat actors to recover user accounts. As per the Google Trends report, this LinkedIn account compromise has seen a sudden surge in the past 90 days. It also shows several searches for “LinkedIn account hacked” or “LinkedIn account recovery.”

Google Trends Report (Source: Cybrint)

It is suspected that threat actors have gathered data from a LinkedIn Breach and used the data to pick accounts. Threat actors identify accounts without 2FA or use Brute force to hack into accounts having short passwords. 

A complete picture of this LinkedIn attack campaign is yet to be revealed. However, Two scenarios have been discovered while attacking user accounts. One of the scenarios is a Temporary account Lock, and the other is a Full Account compromise.

Temporary Account Lock

In this scenario, threat actors attempt to compromise a LinkedIn account that has two-factor authentication enabled with brute force attacks. This results in LinkedIn sending suspicious activity followed by a temporary account lock for a user. 

As a method for recovery, Users are requested to verify their accounts, update their passwords for security reasons and regain access to their accounts.

Temporary account lock notification from LinkedIn (Source: Cybrint)

Full Account Compromise

In this scenario, threat actors completely take over victims’ accounts and change their email addresses in order to ensure that victims don’t recover their accounts. The email addresses used for replacing the original email address of these accounts were generated from the rambler[.]ru mail system.

Furthermore, for this type of scenario, there have been reports of demanding ransom as a financial gain ranging between tens of dollars. 

Full account compromise with replaced email ID (Source: Cybrint)

Once threat actors gain access to these professional LinkedIn accounts of users, they have several attack vectors, which involve social engineering, manipulation of people, baiting to a malicious link, blackmail, reputational damage, spreading malicious content, and many more.

Cybrint has released a complete report on this LinkedIn attack campaign which provides additional details on this issue.


Users of LinkedIn are recommended to check their account access to see whether they are able to log in to their account and make sure all their information, like email, phone numbers, and others, are genuine and legit. 

Changing and deploying a strong password in the LinkedIn account, which is unique and not reused, is recommended. Additionally, 2-step verification can also be implemented to prevent brute force attacks.

Keep informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.

Leave a Reply

Your email address will not be published. Required fields are marked *