Summary

  • LinkedIn users are being targeted by a campaign that steals their accounts and then demands a ransom to avoid having the accounts deleted.
  • The attackers may be using a variety of methods to gain access to accounts, including brute force attacks and credential stuffing.
  • Victims are usually made aware of the attack when they receive a notification that the email address associated with their account has been changed.
  • In some cases, the attackers have also added fake accounts to the victim’s connections.
  • LinkedIn support has not been helpful in recovering the breached accounts, with users reporting long wait times and unhelpful responses.
  • The best way to protect yourself from this attack is to set up two-step verification (2FA).

More Details

  • 2FA adds an extra layer of security to your account by requiring you to enter a code from your phone in addition to your password when you sign in.

At least 2 Ways to set up 2FA on LinkedIn

  1. Authenticator app 2FA: This method uses an app on your phone to generate a code. Authenticator app 2FA is considered to be more secure than SMS 2FA.
  2. SMS 2FA: This method sends a code to your phone via SMS.
  • @Raisin8659OP
    link
    English
    41 year ago

    They didn’t mention phishing and malware, although they didn’t exclude them either.

    They mentioned:

    • credential stuffing = email/password reused. potential solutions = use unique passwords, use unique email (use aliases).
    • brute-forcing password. potential solutions = use strong random (and unique) passwords, use 2FA.