top of page

Hackers launch widespread campaign to hijack LinkedIn accounts

LinkedIn has reportedly been the target of a wave of account hacks, with many accounts being locked out for security reasons or eventually hijacked by attackers.

According to Cyberint, many LinkedIn users have complained about account takeovers or lockouts, as well as an inability to resolve the issues through LinkedIn support.

"Some have even been pressured into paying a ransom to regain control or faced with the permanent deletion of their accounts," reports Cyberint's researcher Coral Tayar.

"While LinkedIn has not yet issued an official announcement, it appears that their support response time has lengthened, with reports of a high volume of support requests."

According to complaints on Reddit, Twitter, and the Microsoft forums, LinkedIn support has been ineffective in recovering the breached accounts, with users becoming frustrated by the lack of response.

"My account was hacked 6 days ago. Email was changed in the middle of the night and I had no ability to confirm the change or prevent it," wrote an affected user in a Reddit thread about the hacks.

"No response from them anywhere. It's pathetic. I tried reporting my hacked account, going through identity verification, and even DMing them on @linkedinhelp on twitter. No responses anywhere. What a joke of a company", they continued.

According to Cyberint, there are also signs of a breakout reflected in Google Trends, where search terms related to LinkedIn account hacking or recovery have increased by 5,000% in the last few months.

The attackers appear to be attempting to gain control of a large number of LinkedIn accounts by using leaked credentials or brute-forcing.

Multiple takeover attempts resulted in a temporary account lock imposed by the platform as a protection measure for accounts that are appropriately protected by strong passwords and/or two-factor authentication.

Owners of these accounts are then prompted to confirm ownership by providing additional information, as well as update their passwords, before they can sign in again.

When the hackers successfully gain access to insecure LinkedIn accounts, they quickly replace the associated email address with one from the "" service.

The hijackers then change the account password, preventing the original account holders from accessing their accounts. Many users also reported that the hackers enabled 2FA after hijacking their accounts, making account recovery even more difficult.

In some cases, the attackers demanded a small ransom to return the accounts to their rightful owners, while others simply deleted the accounts without asking for anything.

LinkedIn accounts are useful for social engineering, phishing, and job offer scams, which can lead to multi-million pound cyber-heists.

Hacking existing accounts has become much more practical for hackers, especially since LinkedIn introduced features to combat fake profiles and inauthentic behaviour on the platform.

If you have a LinkedIn account, now is a good time to review your security settings, enable 2FA, and switch to a unique and long password.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page