InfoSec Advisory: "LinkedIn account hijacking campaign"

The Cambrian infosec team has received an advisory regarding LinkedIn accounts being hacked in a widespread hijacking campaign. There have been reports of LinkedIn account takeovers or lockouts, and of an inability to resolve the problems through LinkedIn support due to the high volume of requests. LinkedIn has not issued an official announcement; however, it is better to err on the side of caution.

What are the attackers doing?

  • Attackers are either attempting to brute-force accounts’ passwords or are possibly using login credentials stolen in a previous data breach.
  • Once the account is accessed, they change the associated email address and password, leaving the account unrecoverable by the user.
  • Users have also been pressured into paying a ransom to regain control, or have been faced with the permanent deletion of their accounts.

As a remediation measure, we recommend you take the steps below:

  • Log in to your LinkedIn account and confirm your continued access.
  • Make sure that your LinkedIn password is unique to the service, long, and strong.
  • Length trumps complexity. Use a passphrase that you will easily remember.
  • Set up and use multi-factor authentication (MFA or 2FA) wherever possible.
  • Avoid using the same password for multiple websites. Update any other logins, including personal accounts, where you have used the same password.
  • Check your email inbox for any messages from LinkedIn indicating the addition of an extra email address to your account. If you did not initiate the action, treat it as a warning sign and work to remediate.

If you require further assistance with your Cambrian College password or suspect an account compromise, please contact the IT Service Desk immediately at 705-566-8101 x7370 for further investigation.

 

Details

Article ID: 9343
Created: Thu 3/28/24 10:53 AM
Modified: Thu 3/28/24 10:53 AM