I Was a Victim of the LinkedIn Hacking Spree (August 2023)

I got my account back but first I had to work for it.

Allow me to share with you what actually happened. After reading a report on how multiple people got locked out of their LinkedIn accounts, I thought to myself, “This is something I should write about.” Little did I know, one of the people I’d be writing about was actually me. Guess what? Now, I’m doing it!

If you’ve read any of my previous posts, then you’re aware that I cover internet and cybersecurity-related material. I’ve written about digital threats and breaches before, and I convinced myself that I have the knowledge, best practices, and a healthy dose of caution. If you consider yourself immune to falling victim to cyberattacks, maybe you’re naive, and maybe I was too.

Recent events have shown that even the most vigilant individuals can find themselves ensnared in the web of hacking and account breaches.

The news of the LinkedIn hack sent shockwaves through the online community. Learning about the wave of account hacks targeting the platform, I approached the story with a sense of urgency. Little did I know that I would soon become a participant in the narrative I was about to hit publish on.

A couple of weeks ago, my LinkedIn account was compromised. I was left helpless and couldn’t prevent the change. Panic set in as I realized that the very security measures I had preached and advised others on had failed to shield me from the clutches of cybercriminals. But this wasn’t completely true, and the fact that I was in the dark allowed all sorts of thoughts to go through my mind.

The subsequent ordeal was as frustrating as it was ironic. I followed the same advice I had given countless times to those facing similar situations. I reported the hacked account, went through the tedious identity verification process, and reached out to LinkedIn support via multiple channels, including Twitter (X). Call it what you want. My efforts, however, were met with deafening silence.

As days turned into weeks, I eventually came to understand the anger and despair expressed by others who had faced similar circumstances. The very platform that people trust to connect and talk about professional achievements was now leaving its victims to fend for themselves without making a comment on a situation the whole world already knew about.

The lack of response from LinkedIn's support was not just disappointing, but a stark reminder of the challenges regular users face when trying to reclaim their digital identities and online profiles.

The experience also underscored the evolving tactics of cybercriminals. The hijackers swiftly changed the associated email addresses, making account recovery a daunting task. In some instances, a demand for ransom was made, or accounts were simply deleted without any recourse. The level of sophistication displayed by these hackers was both alarming and humbling.

The incident served as a wake-up call, prompting me to revaluate my security practices not just on LinkedIn, but across all my online accounts.

So, to anyone who, like me, thought they were invincible in the face of digital dangers, think twice. The LinkedIn hack is a stark reminder that cyber threats are evolving, and no one is ever immune. It's time to review security measures, enable two-factor authentication, and choose strong, unique passwords. The experience has humbled me and reinforced the need for continuous vigilance in the digital realm – a lesson I won't soon forget.

If this was really the end, it would sound as if I didn’t really share what actually happened to me wouldn’t it? So generic, lacking all the significant details.

Worry not, here comes the best part (for you at least)

A day after reading what many people were going through on LinkedIn, I realized my account was no longer accessible, as you can see above. Two days after that, I was made aware that my profile was no longer available; it was taken down without a trace, like it never existed in the first place.

I went through with publishing this piece on how LinkedIn accounts were hacked; talking about my own demise wasn’t part of the initial plan anyway, so why change it now, I thought? Besides, I didn’t really understand exactly what I was caught up in or why nobody said anything.

That’s when I decided to do research, also called information gathering, something I’m actually good at. But, after feeling helpless considering the fact that LinkedIn holds all the keys and I had only them to rely on for intel, I forgot how much I could actually do on my own.

Through research, I came to know that there were many people in a situation like my own. Chances are a hacking attempt was made on my account, and due to that, I was locked out and forced to provide information only I could share about myself with LinkedIn. Even though this was heavily influenced by the hacking spree, my account wasn’t actually compromised; this was LinkedIn’s way of making sure things didn’t escalate to that point.

The message below is from LinkedIn that I received after my account was liberated and made available again (LinkedIn profile link on my about page).

Hi XXX,

I’m sorry for the delay and any inconvenience this has caused. I truly appreciate your patience and look forward to assisting you today.

Thank you for verifying your identity. A temporary restriction was placed on your account because we detected suspicious activity. This restriction prevented all access to your account as we reviewed this issue.

I am happy to share I have removed the restriction from your LinkedIn account and taken the following steps to secure it:

Your account has been signed out on all devices.

A password reset link has been sent to your primary email address.

Once you successfully access your account I suggest these steps to ensure your information is correct as it may have been modified during this incident:

1. Review your profile information and settings.

If your profile information has been changed or removed during this incident, you can now edit your profile to display the correct content. Please note that LinkedIn does not store previous profile information, so you’ll need to update your profile if needed.

2. Review recent messages, invitations, display posts, or comments for any unauthorized activity.

Lastly, I would recommend these best practices for your online privacy:

Turn on two-step verification as an added layer of security: https://www.linkedin.com/help/linkedin/answer/544

Check the email addresses on your account to ensure they are current: https://www.linkedin.com/help/linkedin/answer/60

Change the password on your email account(s) as soon as possible. If your email service provider offers two-step verification, we recommend that you enable it.

Find more tips here: https://www.linkedin.com/help/linkedin/answer/267

Thank you so much for your partnership as we worked through this together. If you have any issues accessing your account, please let me know by replying to this email.

Regards,

LinkedIn Member Safety and Recovery Consultant

This is more than just a post about LinkedIn; what’s considered secure here, like 2FA and strong passwords, apply to any and all online and some offline accounts, so make sure this is a must-do for you, as it might save one of your accounts some day or be the reason one is compromised. Don’t wait for a day like that to protect yourself; stay safe today!

Thank you for reading this far; your contribution makes a difference.

This story was previously published on Medium.