link: https://www.bleepingcomputer.c...espread-hijacking-ca


Suggest you add 2FA and change password

For some reason I cannot get the link to work. Sorry.

Try this. Your link ends in ca/ and it should be campaign/
https://www.bleepingcomputer.c...-hijacking-campaign/

Maybe a better thread title: “Linkedin Hacked Again”.

^^^^^^^^^^^^^
From the article it seems this far exceeds previous hacks.

Another reason to not be on LinkedIn.

Well, there's another hack that I'm completely impervious and/or immune to...And luck has nothing to do with it! I wonder what everyone's gonna do when their cloud based 'Password Manager' accounts start getting hacked...

I have been approached several times in the last year by profiles that contain American names but pictures of young Chinese women. They all claim to hold high level positions VP, EVP, COO, CEO of large companies but have only been out of college a year. The profiles also change over a short period of time as they target different people.

They start promising a good business connection, often related to a large company they claim to work for. Very quickly it devolves into wanting to know more about you personally and how you can connect better.

The first few were actually very detailed and difficult at first to determine that they were not legit until:
A) they got personal
B) The profile started changing

Recent ones I've seen are immediately identifiable if you scan the entire profile and see the inconsistencies.
100% scam and every one gets reported.

Last time LI was hacked I changed my PW that day. It was years later when they finally made their way down the list to my name but I started getting emails from several "hackers" who said they had my PW and wanted $ to unlock my account.

Problem is they didn't have access to anything as I had changed that PW. I thought about messing with them but didn't want to draw any attention to myself in case they actually had strong hacking abilities. They eventually stopped emailing me.

quote:

Originally posted by Shaql:
They eventually stopped emailing me.

That's a win right there! Probably as much as anyone could hope for.

Coincidence maybe but within a few months of setting up a LinkedIn account I started getting bombarded with spam and the “I activated your device’s camera and recorded you watching porn” ransom demands. Found out through one of my CC’s that my email was on the dark web.


As to the job opportunities from LinkedIn, useless. While my skills (parts counter) could and would allow me to change fields for example vehicles to electronics generally changes like that are accompanied by a major hit in pay, something that I was not interested in taking. There was one in my field but moving to the Mideast was not high on my to do list especially in my 60’s.

I cancelled my account and while it took a couple of years the amount of spam fell off and the ransom demands ended.

quote:

Originally posted by V-Tail:

quote:

Originally posted by ZSMICHAEL:
link: https://www.bleepingcomputer.c...espread-hijacking-ca.

quote:

PAGE NOT FOUND!
Unfortunately the page that you requested does not exist.

See second post with corrected link under the OP post

quote:

Originally posted by triggertreat:
Try this. Your link ends in ca/ and it should be campaign/
https://www.bleepingcomputer.c...-hijacking-campaign/

Thanks for the note warning on this. I don’t use it much but changed my PW just in case.

quote:

Originally posted by Pipe Smoker:
Maybe a better thread title: “Linkedin Hacked Again”.

exactly.

Those A-Holes leaked my private e-mail address a few years ago and I'm still getting spam from it.

Thanks for the heads up. Even though I'm retired, I never deleted my LinkedIn acct.

Curiously, I got a "friend request" (or whatever they're called on LinkedIn) yesterday. After seeing this, I wonder if it's connected.

Thanks for the heads-up Michael.

quote:

Originally posted by nhracecraft:
I wonder what everyone's gonna do when their cloud based 'Password Manager' accounts start getting hacked...

I'm not sure you understand exactly how most of these actually work now. Even in the worst case of someone getting ahold of your encrypted password file (like the most recent LastPass hack) using a effective master password strategy yields an estimated time to brute force break that of centuries. They don't store your actual master password in their system.

Now if I'm incredibly unlucky and they beat the average and guess mine in an hour, well, I'm screwed. First step is following good password protocols. 2FA on all sites allowing it helps, and will let you know when those are under threat.

For anyone not using a tool like that, I've yet to find anyone who can tell me with a straight face that they use a unique password for access to every single account they have, they are all ~20 characters mixed with unique variety of letters/numbers/symbols/capitals and they aren't stored somewhere more easily potentially accessed by a third party.

I admit that I've not actually met Raymond Babbit, but for even him I suspect that would be a recall challenge for the 417 distinct logins I currently have stored....

Retired. Easiest fix was delete account.

I only have one social media account at a site that rhymes with “dig boron.” So far, it has a perfect security record. All other social media is just trouble in some form or another.

All my “friends” can come help me move the piano. Otherwise, they’re not friends.

quote:

Originally posted by Rightwire:

100% scam and every one gets reported.

And nothing happens. LinkedIn now owned by Microsoft does nothing to stop the onslaught of fake accounts.

quote:

Originally posted by Pipe Smoker:
Maybe a better thread title: “Linkedin Hacked Again”.

Yep. Never used and never will, for good reason.