Linkedin Login Hack

My LinkedIn account was hacked this morning.

To my small reader base: If we’re supposed to get coffee the week of the 19th, let’s arrange where, by email.

1. The initial reset (7:37am)

I received an email to confirm I’ve successfully reset my password

Hi Robin,

You’ve successfully changed your LinkedIn password. Thanks for using LinkedIn!

The LinkedIn Team

When and where this happened:

Date: August 19, 2024 GMT Browser: Chrome Operating System: Windows Approximate Location: Queen Creek, Arizona, United States

Didn’t do this? Be sure to change your password right away.

My comments

  • I know this wasn’t me – I’m not in Arizona, I don’t use Windows, I wasn’t awake when this happened. But I could have easily ignored this email, as I did for a few hours, until I coming across it in a clear out at around 11 am.
  • Minor product bug – GMT isn’t really relevant to a date. How about “When: 7:37 AM, August 19, 2024 GMT”. That being said, it’s actually BST in Britain right now.
  • Major product flow problem – the suggestion to “change your password” doesn’t actually have an effect. Firstly, because I didn’t even see this email until it was too late – the email address has been changed, so all my password resets are going to the thief.
  • A better user flow would be something like “Wasn’t you? [click here] to get your account back”

2. The notice (10:55am)

At 10:55, I noticed the reset email.

Uh oh, I didn’t do this. Someone’s stolen my account, including all my connection data (5k or so), and all their personal contact data. They’re probably in there posting things, deleting content and causing ruckus.

Let’s see if I can reset things. Nope, they’ve locked out my multiple devices, and also changed the email address.

3. The complaint (11:01am)

To regain access, I went to the web – pretty straightforward initial process, although a bit of a question protocol needed on the form – the captcha should be above the submit button, rather than below. (Caught me out the first time).

4. The response (11:02am)

Almost immediately, I received an auto response email giving direction on how to resolve, with a link to an ID check service. Then a request to respond.

Upload some ID data to check ID and verify your identity.

But then a comment in the email saying “respond to us within 14 days” which has made me realise how dependent we are on LinkedIn when in a job-hunting scenario and worry that I’d twist in the wind in some sort of long SLA timeframe.

5. The wait (1:49pm)

And since 11:14am, no response. The response email kindly gives a case # and a link to look at the status of the issue in their case tracking system. But of course I can’t, because it asks for a log-in.

TO BE CONTINUED …….

……. RIGHT HERE

6. The escalation (3:09pm)

With a personal connection, and a friend who’d gone through the same process a few months back, I reached out. No news on whether this made a difference, but…

7. The resolution (4:43pm)

The account is back up. Password changed, 2 factor auth re-enabled (with it having been disabled somehow), and old emails removed. Full cleanup. Next step – validate all the content is correct…don’t want random bad things to show.

Thanks again to all who helped and supported. Quite strange to think that a 20-year historical profile on a career social network site had such a heavy impact on my productivity today.

The Root Cause

My suspicion is that someone registered an old expired domain of mine, added an email address and used that legacy email to take over my social account – that was the primary address attached to the restored profile. A personal reminder that toxic legacy tech is a cleanup issue at the micro-level, not just an issue for big corps.

Next up: think about where else I might have that address linked….and then go and clean it up.