Summary

  • LinkedIn users are being targeted by a campaign that steals their accounts and then demands a ransom to avoid having the accounts deleted.
  • The attackers may be using a variety of methods to gain access to accounts, including brute force attacks and credential stuffing.
  • Victims are usually made aware of the attack when they receive a notification that the email address associated with their account has been changed.
  • In some cases, the attackers have also added fake accounts to the victim’s connections.
  • LinkedIn support has not been helpful in recovering the breached accounts, with users reporting long wait times and unhelpful responses.
  • The best way to protect yourself from this attack is to set up two-step verification (2FA).

More Details

  • 2FA adds an extra layer of security to your account by requiring you to enter a code from your phone in addition to your password when you sign in.

At least 2 Ways to set up 2FA on LinkedIn

  1. Authenticator app 2FA: This method uses an app on your phone to generate a code. Authenticator app 2FA is considered to be more secure than SMS 2FA.
  2. SMS 2FA: This method sends a code to your phone via SMS.
  • lickmysword@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Correct me if I’m wrong but weren’t the people exposed by clicking or opening something malicious? And those with a truly strong password are fine?

    • Raisin8659@monyet.ccOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      They didn’t mention phishing and malware, although they didn’t exclude them either.

      They mentioned:

      • credential stuffing = email/password reused. potential solutions = use unique passwords, use unique email (use aliases).
      • brute-forcing password. potential solutions = use strong random (and unique) passwords, use 2FA.