LinkedIn accounts targeted in a worldwide hacking campaign

LinkedIn accounts targeted in a worldwide hacking campaign

A hacking campaign appears to be underway targeting owners of LinkedIn accounts across the globe.

The Israel-based cybersecurity firm CyberInt said it observed a significant number of victims losing access to their accounts, with some of them pressured to pay a ransom for regaining access to their accounts. In some cases, users’ accounts were permanently deleted.

“Our analysis using Google Trends reveals a significant surge in the past 90 days in the volume of Google searches related to the hacked account campaign. Search queries such as “LinkedIn account hacked” or “LinkedIn account recovery” have experienced a substantial upward trend, while the term “breakout” in place of percentage indicates that the search term grew by over 5000%,” the researchers noted.

The threat actors behind the campaign appear to be using leaked credentials or brute-forcing to attempt to take control of a large number of LinkedIn accounts.

The researchers have observed two attack scenarios - temporary account lock and full account compromise. In the case of accounts properly protected with two-factor authentication or strong passwords, takeover attempts resulted in the temporary account lock.

However, in more unfortunate cases victims had their LinkedIn accounts fully hacked, making them unable to recover their accounts independently. Upon gaining access to the account, the attackers swapped the associated email address with another email address, often using addresses generated using the “rambler.[ru]” email system. The hackers then change the account password.

“While the motive behind this campaign remains unclear, the implications of compromised professional LinkedIn accounts are deeply concerning. Threat actors could exploit compromised profiles for social engineering, manipulating others into engaging in harmful activities under the disguise of a trusted colleague or supervisor,” CyberInt warns. “Hacked accounts could be used to spread malicious content, erase years of contributions, or send damaging messages to connections, severely damaging an individual’s reputation.”


Back to the list

Latest Posts

Cyber Security Week in Review: May 23, 2025

Cyber Security Week in Review: May 23, 2025

In brief: Several major malware operations disrupted,  hackers exploit Ivanti and Cityworks zero-days, and more.
23 May 2025
Russian GRU hackers accused of massive espionage campaign across NATO and allied nations

Russian GRU hackers accused of massive espionage campaign across NATO and allied nations

The cyber offensive reportedly struck dozens of entities, spanning both government and private sectors.
22 May 2025
Chinese-speaking threat actors exploit Cityworks zero-day to hack into US govt agencies

Chinese-speaking threat actors exploit Cityworks zero-day to hack into US govt agencies

The attacks have been ongoing since at least January 2025.
22 May 2025
Popular Posts
Featured vulnerabilities
Inclusion of cleartext password into protected PDF file in Artifex Ghostscript
Medium Patched | 24 May, 2025
Authenticated blind SQL injection in VMware Avi Load Balancer
Low Patched | 23 May, 2025
Improper validation of integrity check value in Panasonic IR Control Hub
Low Patched | 23 May, 2025
Multiple vulnerabilities in Fuji Electric V-SFT
High Patched | 23 May, 2025
IBM QRadar Network Packet Capture update for TuneD
Low Patched | 23 May, 2025