Facepalm: LinkedIn, the business-oriented social network wholly owned by Microsoft, is currently facing a security breach. Security experts have uncovered an ongoing and widespread campaign targeting LinkedIn accounts, and the company appears to be struggling to effectively handle the surge in support requests that has followed.
Cyberint security researchers have detected an ongoing and reportedly "successful" hacking campaign targeting LinkedIn accounts. The attack is characterized by a consistent method and is impacting users of LinkedIn worldwide. Some accounts have been hijacked or even completely deleted, while other users are being extorted for money to regain control of their accounts.
The hacking campaign has persisted for weeks, according to Cyberint. The higher-than-usual volume of support requests seemingly brought the entire network to a halt, and now users are lamenting the fact that the social network isn't even responding anymore.
Google Trends has shown a notable increase in search queries related to the attack, indicating that affected users are seeking ways to recover their compromised or blocked accounts. Security researchers have identified two primary attack scenarios: Temporary Account Lock and Full Account Compromise.
In the Temporary Account Lock scenario, unidentified cybercriminals attempt to bypass account security measures, triggering a temporary lock on the account. While the account remains secure, the suspicious activity, such as repeated password attempts or even attempts to breach two-factor authentication, prompts LinkedIn to ask users to verify their identity and update their password before the account is unlocked.
The second scenario involves a full compromise of the account. In this case, the hackers gain control of the targeted account through methods like brute-forcing the password. They then change the email address associated with the account to one from the rambler.ru domain. At this stage, the criminals have complete control over the user's account, which makes regaining control significantly harder for the legitimate owner.
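For defenders who run their own account systems, the two scenarios above map onto simple correlation rules over account audit events. The following is an added example, not code from Cyberint or LinkedIn: the event schema, the one-hour window, the five-failure threshold and the sample events are all assumptions constructed for illustration, and only the rambler.ru domain comes from the report.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)        # assumed correlation window
FAIL_THRESHOLD = 5                 # assumed size of a failed-login burst
WATCHED_DOMAINS = {"rambler.ru"}   # domain named in the report

def _ev(minute, account, type_, **extra):
    # Builds one constructed audit event (hypothetical schema).
    ts = f"2024-01-01T10:{minute:02d}:00"
    return {"ts": ts, "account": account, "type": type_, **extra}

EVENTS = (  # constructed sample data
    [_ev(m, "alice", "login_failed") for m in range(5)]
    + [_ev(5, "alice", "account_locked")]
    + [_ev(m, "bob", "login_failed") for m in range(6)]
    + [_ev(7, "bob", "login_ok"),
       _ev(9, "bob", "email_changed",
           old_email="bob@example.com", new_email="x1@rambler.ru")]
    + [_ev(3, "carol", "login_ok"),
       _ev(4, "carol", "email_changed",
           old_email="carol@example.com", new_email="carol@example.org")]
)

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def classify(events, window=WINDOW, threshold=FAIL_THRESHOLD):
    """Return {account: finding} for the two scenarios in the report."""
    by_account = defaultdict(list)
    for ev in events:
        by_account[ev["account"]].append(ev)
    findings = {}
    for account, evs in by_account.items():
        evs.sort(key=lambda e: datetime.fromisoformat(e["ts"]))
        fails, suspicious_login = [], None
        for ev in evs:
            ts = datetime.fromisoformat(ev["ts"])
            fails = [t for t in fails if ts - t <= window]
            burst = len(fails) >= threshold   # recent failed-login burst?
            if ev["type"] == "login_failed":
                fails.append(ts)
            elif ev["type"] == "account_locked" and burst:
                findings.setdefault(account, "temporary_lock")
            elif ev["type"] == "login_ok" and burst:
                suspicious_login = ts         # success right after a burst
            elif ev["type"] == "email_changed" and suspicious_login:
                new, old = domain(ev["new_email"]), domain(ev["old_email"])
                if ts - suspicious_login <= window and new != old:
                    watched = "_watched_domain" if new in WATCHED_DOMAINS else ""
                    findings[account] = "full_compromise" + watched
    return findings
```

The carol events show the rule staying quiet on an ordinary email change that was not preceded by a failed-login burst.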
Some victims of the attack have been asked to pay a small ransom to regain access to their accounts, while in other cases, the accounts have been completely deleted. According to Cyberint analysts, the consistent modus operandi displayed by the unidentified cybercriminals indicates a "comprehensive" campaign that is actively ongoing. While the true motive behind the attack is still being investigated, its potential impact on victims and internet security is of serious concern.