A firsthand perspective on the recent LinkedIn account takeover campaign
www.malwarebytes.com
It started with a password reset email in the middle of the night.

TLDR; if your Linkedin account is taken over, the only way that you can get rid of the hacker may be to get support to do it.

Summary

  • A LinkedIn user, Pearce, received an SMS text from LinkedIn telling him to reset his password. He checked his account and found that there was an unknown IP address in Texas logged into his account.

  • Pearce changed his password and enabled multi-factor authentication, but the unwanted active session remained.

  • He opened a support ticket with LinkedIn, but it took them 3-4 days to reply. LinkedIn eventually signed Pearce out of all sessions and sent him a password reset link.

  • LinkedIn explained that Pearce’s account may have been compromised if he had recently signed in from a public computer, used an outdated email or phone number, or used the same password on multiple websites.

  • LinkedIn recommends that users check their email addresses and enable two-factor authentication to protect their accounts.

  • The article also mentions that LinkedIn has added an option to end individual sessions, but it doesn’t always work as advertised.

Additional Details

  • The unwanted active session could not be removed by changing the password or enabling multi-factor authentication.

  • LinkedIn Support was overwhelmed by the number of requests they received about this campaign, so it took them a long time to reply to Pearce’s ticket.