Owning a LinkedIn account is becoming an increasingly risky business. The leading social networking site for professionals worldwide, LinkedIn has become a byword for respectability and overall security. But all that has started to change as cybercriminal gangs pay it growing attention, first with false flags and, more recently, by directly taking control of targeted individual LinkedIn accounts.
So far, only nominal ransoms are being asked of private individuals, although there are reports of some accounts being simply deleted. These actions suggest one of two possibilities or even a combination of both. First, it is the work of “script kiddies,” inexperienced hackers anxious to gain a few dollars of spending money and notoriety among their peers. The second possibility is that the more sinister hand of organized cybercrime may be behind the account takeovers. It is easy to speculate that professional cybercriminals would have little hesitation in hijacking highly targeted LinkedIn accounts, such as those of influential figures. The LinkedIn account could then be easily weaponized against its original owner by, for example, bombarding all their business contacts with insulting messages and damaging data.
And it looks like the problem is more widespread than LinkedIn admits. The research team at cybersecurity firm Cyberint is reporting a steep increase in online conversations about hacked accounts on social media, and also in the frequency of searches for LinkedIn support and advice when an account is compromised. Searches such as “LinkedIn account hacked” or “LinkedIn account recovery” have mushroomed over the last 90 days.
Two distinct methods are understood to be in use against personal LinkedIn accounts. The less serious of the two is “a temporary account lock.” This refers to straightforward attempts to break in by standard methods, such as brute-force attacks that try to guess passwords. LinkedIn usually advises affected users to verify their accounts and update their passwords to regain access.
But the second style of attack, “the full account compromise,” makes it impossible for account holders to regain control from the hackers, who alter the account holder’s email address to another address, possibly a new one using an email service like rambler.ru, in order to change the account holder’s password. Once the attack is fully executed, the hacker has complete control of the account and can demand a ransom or, in some cases, delete the account entirely.
“Given the remarkable increase in hacked accounts and the consistent modus operandi, it is evident that a comprehensive campaign is underway targeting LinkedIn accounts. While the motive behind this campaign remains unclear, the implications of compromised professional LinkedIn accounts are deeply concerning,” says Cyberint researcher Coral Tayar.