Cybersecurity company Cyberint on Monday announced that many LinkedIn accounts have been locked or hijacked by attackers in a significant global hacking campaign.
Several affected LinkedIn users took to Reddit, Twitter, and the Microsoft forums to report that they have lost access to their accounts and are facing frozen or banned accounts (via BleepingComputer).
“Some have even been pressured into paying a ransom to regain control or faced with the permanent deletion of their accounts,” wrote Coral Tayar, a security researcher at Cyberint, in a blog post.
“While LinkedIn has not yet issued an official announcement, it appears that their support response time has lengthened, with reports of a high volume of support requests.”
Frustrated LinkedIn users also reported that they are unable to resolve the problems related to their breached accounts, as LinkedIn support has been unresponsive or unhelpful.
“My account was hacked 6 days ago. Email was changed in the middle of the night and I had no ability to confirm the change or prevent it,” wrote an affected user in a Reddit thread about the hacks.
“No response from them anywhere. It’s pathetic. I tried reporting my hacked account, going through identity verification, and even DMing them on @linkedinhelp on twitter. No responses anywhere. What a joke of a company..”
Cyberint adds that Google Trends reveals a significant surge in the past 90 days in the volume of Google searches for terms such as “LinkedIn account hacked” or “LinkedIn account recovery”. Where Google Trends shows the label “breakout” in place of a percentage, it indicates that the search term grew by over 5000%.
The wave of attacks appears to involve the use of leaked credentials or brute-forcing of passwords to take over poorly protected LinkedIn accounts.
Hackers then quickly swap the associated email address with one from the “rambler.ru” service, reset the password, and enable two-factor authentication (2FA), locking out the original account holder. This makes the account recovery process even more difficult.
Those accounts that were protected by strong passwords and/or two-factor authentication are being temporarily locked by LinkedIn as a protection measure after multiple unsuccessful login attempts.
Affected account owners are being requested to verify their accounts and update their passwords before getting access to their accounts again.
While LinkedIn has not issued any official statement on the report, Cyberint has advised users to strengthen passwords and enable 2FA to safeguard their accounts.
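For teams that run their own account systems, the takeover sequence described above (email swapped to a new domain, then a password reset and 2FA enrollment in quick succession) can be flagged from account audit events. The following is an added example, not code from Cyberint or LinkedIn; the event schema, the 30-minute window, and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)      # assumed threshold; tune to your own data
WATCHED_DOMAINS = {"rambler.ru"}    # mail domain named in the report

# Constructed sample audit events (hypothetical schema, not a real log format).
EVENTS = [
    {"ts": "2024-01-01T02:11:00", "account": "alice", "action": "email_changed",
     "old": "alice@example.com", "new": "a1x9@rambler.ru"},
    {"ts": "2024-01-01T02:12:30", "account": "alice", "action": "password_reset"},
    {"ts": "2024-01-01T02:14:10", "account": "alice", "action": "2fa_enabled"},
    # bob hardens his own account: no email change, so no alert
    {"ts": "2024-01-01T09:00:00", "account": "bob", "action": "password_reset"},
    {"ts": "2024-01-01T09:05:00", "account": "bob", "action": "2fa_enabled"},
    # carol changes email, then resets two days later: outside the window
    {"ts": "2024-01-02T10:00:00", "account": "carol", "action": "email_changed",
     "old": "carol@example.com", "new": "carol@example.org"},
    {"ts": "2024-01-04T10:00:00", "account": "carol", "action": "password_reset"},
    {"ts": "2024-01-04T10:01:00", "account": "carol", "action": "2fa_enabled"},
]

def domain(addr):
    """Lower-cased domain part of an email address."""
    return addr.rsplit("@", 1)[-1].lower()

def find_takeovers(events, window=WINDOW):
    """Return {account: severity} for email swap + reset + 2FA inside window."""
    findings = {}
    state = {}  # account -> (time of email change, new domain, follow-ups seen)
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        acct, action = ev["account"], ev["action"]
        if action == "email_changed" and domain(ev["old"]) != domain(ev["new"]):
            state[acct] = (ts, domain(ev["new"]), set())
        elif acct in state and action in ("password_reset", "2fa_enabled"):
            start, dom, seen = state[acct]
            if ts - start > window:
                del state[acct]     # too slow to match the pattern; stop tracking
                continue
            seen.add(action)
            if seen == {"password_reset", "2fa_enabled"}:
                findings[acct] = "high" if dom in WATCHED_DOMAINS else "medium"
    return findings

if __name__ == "__main__":
    print(find_takeovers(EVENTS))
```

A hit is a reason to hold the change and confirm with the owner through the previous email address, since the new address and the new 2FA device are both under the control of whoever made the change.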