Summary
- LinkedIn users are being targeted by a campaign that steals their accounts and then demands a ransom to avoid having the accounts deleted.
- The attackers may be using a variety of methods to gain access to accounts, including brute force attacks and credential stuffing.
- Victims are usually made aware of the attack when they receive a notification that the email address associated with their account has been changed.
- In some cases, the attackers have also added fake accounts to the victim’s connections.
- LinkedIn support has not been helpful in recovering the breached accounts, with users reporting long wait times and unhelpful responses.
- The best way to protect yourself from this attack is to set up two-step verification (2FA).
More Details
- 2FA adds an extra layer of security to your account by requiring you to enter a code from your phone in addition to your password when you sign in.
At least two ways to set up 2FA on LinkedIn
- Authenticator app 2FA: This method uses an app on your phone to generate a code. Authenticator app 2FA is considered to be more secure than SMS 2FA.
- SMS 2FA: This method sends a code to your phone via SMS.
4 points
Correct me if I’m wrong but weren’t the people exposed by clicking or opening something malicious? And those with a truly strong password are fine?
4 points
They didn’t mention phishing and malware, although they didn’t exclude them either.
They mentioned:
- Credential stuffing = email/password reused. Potential solutions = use unique passwords, use a unique email (use aliases).
- Brute-forcing the password. Potential solutions = use strong random (and unique) passwords, use 2FA.
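The two attack methods named in the article and in the reply above leave different footprints in authentication logs, and a service can tell them apart from the failures alone: credential stuffing is one source trying a different account with each attempt (one leaked email/password pair per account), while brute forcing is one source hammering the same account with many passwords. The following is an added example, not code from the original post or from LinkedIn, of that classification run over a small constructed log in a made-up `timestamp login ok|fail user=... ip=...` format with RFC 5737 documentation addresses; the thresholds are illustrative, not tuned values.

```python
import re
from collections import defaultdict

# Constructed log format and sample lines; not from any real system.
LOG_LINE = re.compile(r"^(?P<ts>\S+) login (?P<result>ok|fail) user=(?P<user>\S+) ip=(?P<ip>\S+)$")

SAMPLE_LOG = """
2024-05-01T10:00:01Z login fail user=alice ip=203.0.113.7
2024-05-01T10:00:02Z login fail user=bob ip=203.0.113.7
2024-05-01T10:00:03Z login fail user=carol ip=203.0.113.7
2024-05-01T10:00:04Z login fail user=dave ip=203.0.113.7
2024-05-01T10:00:05Z login fail user=erin ip=203.0.113.7
2024-05-01T10:00:06Z login ok user=frank ip=203.0.113.7
2024-05-01T10:01:00Z login fail user=grace ip=198.51.100.9
2024-05-01T10:01:01Z login fail user=grace ip=198.51.100.9
2024-05-01T10:01:02Z login fail user=grace ip=198.51.100.9
2024-05-01T10:01:03Z login fail user=grace ip=198.51.100.9
2024-05-01T10:01:04Z login fail user=grace ip=198.51.100.9
2024-05-01T10:01:05Z login fail user=grace ip=198.51.100.9
2024-05-01T10:01:06Z login fail user=grace ip=198.51.100.9
2024-05-01T10:01:07Z login fail user=grace ip=198.51.100.9
2024-05-01T10:02:00Z login fail user=henry ip=192.0.2.5
2024-05-01T10:02:09Z login ok user=henry ip=192.0.2.5
""".strip().splitlines()


def parse(lines):
    """Turn raw lines into dicts, silently skipping anything that does not match the format."""
    events = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def classify_sources(events, stuffing_min_users=5, bruteforce_min_attempts=8):
    """Per source IP: 'credential-stuffing', 'brute-force' or 'benign'.

    Stuffing: many *distinct* accounts, few attempts per account (one leaked pair each).
    Brute force: many attempts against a *single* account.
    A source's successful logins are reported separately because, in a stuffing run,
    the 'ok' after a string of failures is the account that was actually taken over.
    """
    failed_users = defaultdict(list)
    succeeded_users = defaultdict(set)
    for e in events:
        if e["result"] == "fail":
            failed_users[e["ip"]].append(e["user"])
        else:
            succeeded_users[e["ip"]].add(e["user"])

    verdicts = {}
    for ip, attempts in failed_users.items():
        distinct = set(attempts)
        attempts_per_user = len(attempts) / len(distinct)
        if len(distinct) >= stuffing_min_users and attempts_per_user <= 2:
            verdicts[ip] = "credential-stuffing"
        elif len(distinct) == 1 and len(attempts) >= bruteforce_min_attempts:
            verdicts[ip] = "brute-force"
        else:
            verdicts[ip] = "benign"
    return verdicts, {ip: sorted(u) for ip, u in succeeded_users.items()}


def accounts_to_review(events):
    """Accounts that logged in successfully from a source flagged as stuffing:
    these are the ones worth forcing a password reset and 2FA enrolment on."""
    verdicts, successes = classify_sources(events)
    flagged = {ip for ip, v in verdicts.items() if v == "credential-stuffing"}
    return sorted(u for ip in flagged for u in successes.get(ip, []))


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    verdicts, successes = classify_sources(evs)
    for ip, verdict in verdicts.items():
        print(f"{ip:15} {verdict:20} successes={successes.get(ip, [])}")
    print("review:", accounts_to_review(evs))
```

The mitigations in the reply map directly onto these signatures: unique passwords make the stuffing source's leaked pairs fail everywhere else, and 2FA makes both the stuffing "ok" and a lucky brute-force guess insufficient on their own. Note that real stuffing campaigns spread attempts across many addresses, so a per-IP rule like this one catches only the crude version; the per-account view (one "ok" from a source that just failed on several other accounts) generalises better.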