LinkedIn Users Worldwide Targeted in a Massive Hacking Campaign

• Written by Shipra Sanganeria Cybersecurity & Tech Writer

In recent weeks, LinkedIn account holders across the world found themselves being targeted by unknown threat actors. Their LinkedIn accounts were either locked out as a part of security measure or were completely taken over by the hackers.

Security researchers at Cyberint have reported that they have seen an uptick in user complaints across various social media platforms. Desperate users have vented their anger against LinkedIn’s lack of support to resolve this issue.

Moreover, the research team claims to have seen an increase in searches related to LinkedIn support and advice for solutions regarding hacked accounts. For instance, the term ‘’breakout’’ alone has witnessed an increase of over 5000% in searches.

‘’Our analysis using Google Trends reveals a significant surge in the past 90 days in the volume of Google searches related to the hacked account campaign. Search queries such as “LinkedIn account hacked” or “LinkedIn account recovery” have experienced a substantial upward trend, reported Cyberint researchers.

In this instance, the attackers seem to have employed two different modes of attack. The Temporary Account Lock tactic, in which the attacker has tried to breach accounts by exploiting two-factor authentication or brute force attacks on passwords. These attempts caused LinkedIn to temporarily lock legitimate users’ accounts and for security reasons they need to verify their emails and update passwords.

If successful, under the second mode of attack (Full Account Compromise), a victim’s account can be completely taken over by the attacker. The account associated email and password is changed, thus rendering it impossible for the legitimate owner to recover the account.

According to the researchers, some account holders have also received ransom messages asking for a few tens of dollars, to regain access. While others have seen their accounts deleted entirely.

This incident can lead to a significant increase in threat attacks like blackmail, social engineering of profiles, data gathering via impersonation, and spread of malicious content, warned Cyberint .

Although the specific intent of the attackers remains unknown, few potential methods employed by them to gain access to LinkedIn accounts have been identified. Users are advised to reset their LinkedIn passwords and also enable 2FA for improved security.

Discord Halts Operation After Hackers Steal Data of 760k Users

• Written by Shipra Sanganeria Cybersecurity & Tech Writer

In a public statement , Discord.io disclosed that it was shutting down its services for the foreseeable future as it had suffered a massive data breach. The attack had allowed the hacker to steal information of its 760,000 users.

Discord.io is not an official Discord website, rather it is a third-party service that allows Discord server owners to create personalized links for their channels.

Discord.io was made aware of the breach after the hacked database was found to be for sale on the new Breached hacking forums. The new third-party forum is the rebirth of the infamous cybercrime marketplace famous for selling and buying hacked databases.

The stolen information included sensitive details like, all users’ usernames, email addresses, and Discord IDs. Some users’ billing addresses as well as salted and hashed passwords have also been stolen. Discord.io assured its members that as the company does not store any user’s financial information on its servers, thus, this data was not exfiltrated.

Non-sensitive information like, internal user ID, registration data, coin balance, user status, API keys, etc., was also accessed by the attacker.

On confirming the authenticity of this data, Discord.io announced that it had canceled all active subscriptions and would be refunding members who had purchased premium subscriptions in the last 30 days.

In addition, its own investigation revealed that the breach was caused by a vulnerability in its website’s code, which allowed the attacker to access and download the entire user data.

Moreover, Discord.io assured its members that, ‘’We will continue to investigate the possible causes of the breach, and we will take steps to ensure that this does not happen again. This will include a complete rewrite of our website’s code, as well as a complete overhaul of our security practices.’’

Discord.io explained that the exposure of such information creates potential risks for compromised individuals, especially in the form of phishing attacks. It also makes it possible for others to link an individual’s Discord account to a given email address.