

Someone from Bardstown, Kentucky has just been trying to log into my LinkedIn account using credentials leaked from elsewhere, and I'm here chuckling about the little they would stand to gain from this fraudulent access. What's the endgame for compromised LinkedIn accounts? #InfoSec
"We hold your LinkedIn account hostage, here's $10 to get it back, poor guy"
@Doug Levin Fair guess, but in my case I'm only connected to a few people I have other ways of contacting, and a small bunch of former co-workers who do not care about me anymore at all.
@Doug Levin I understand, fortunately I don't have a prominent professional position so it's unlikely it would make any waves.
Honest question: Is LinkedIn still a useful tool to find a job?
@A Sweet Gentleman I found my current job via LinkedIn back in 2014, so I'd be hard-pressed to tell you if it is still useful, hopefully I won't have to actually figure it out anytime soon.
It’s easier to phish when the victim thinks they know you.
@Hypolite Petovan Maybe now is the time to dis your fav targets, get banned, then say you were hacked?
They can hack my account all the time they want. If they break and leak my password, they'll have to also pass the almighty 2FA code request.
@The Cybersecurity Librarian :donor: Oof, ok, that one would hurt personally, given how vocal I have been against web3 bullshit in the past.

The endgame is almost always #spam. LI accounts frequently have complete copies of their owners' professional address books, a valuable set of mostly high-quality addresses.

Very rarely (all day every day, but only to a tiny percentage of people) they are going after the account owner specifically or hitting contacts of their primary target to impersonate them.

#InfoSec