The first night of New Year brought in a terrifying moment for me that many professionals fear in the online realm: the hacking of their LinkedIn account. I had no idea that my account would be compromised, especially as I was just about to kick-start the new year on the professional front too. But this experience taught me an important lesson or two not just about online security, but also about the growing risks of LinkedIn account hacking.
It all began on the night of January 1. I logged into my LinkedIn account, as I usually do, to check any updates and connect with my professional network. However, I noticed something unusual—I couldn’t access my account. At first, I thought it might be a temporary glitch, so I quickly switched to my laptop and tried opening my LinkedIn profile on Chrome. To my horror, my account was completely missing.
Panic set in. I immediately attempted to reset my password, thinking that it was a simple login error. But no luck—my password reset attempt failed. At that moment, the reality hit: my LinkedIn account had been hacked.
Breakdown of My LinkedIn Account Hacking
As I struggled to regain access, I received an email from LinkedIn. The email stated that someone had tried to forcefully log into my account. Upon further inspection of the email, I discovered that my profile information had already been altered. My name had been changed to that of a woman named “Amy,” and an Asian (likely from China) woman’s photo had been added to my profile.
This was not just a simple case of a stolen password. This was an account takeover, executed by a hacker or potentially a hacker group. The situation was more unnerving than I initially realized, as I could not even log in to my own account.
Desperate to regain access to my account, I attempted to follow LinkedIn’s recovery process. LinkedIn prompted me to verify my identity, which included submitting a government ID and going through facial recognition verification. Fortunately, I was able to complete this process with success.
Cyble, a cybersecurity firm, was instrumental in helping me in the recovery process. Their expertise and timely advice were crucial during this ordeal, and they also emphasized the importance of enabling two-factor authentication (2FA) to enhance my account’s security.
A Cybersecurity Lesson Learned
Once I successfully regained access to my account, I discovered that the hackers had deleted all of my past experiences, posts, and other profile information. They replaced my profile details with fake information. The new profile bore the name “Amy,” a fashion designer from Hong Kong.
The hacker made several changes, starting with the profile’s username, which was updated to “Amy ~.” They also altered the title, listing “Entrepreneur/Founder/Creative Director” as the new designation, and changed the location to London, England, United Kingdom.
Under the “About” section, the hacker added a detailed biography of the fake individual:
“Hello, I am Amy Zhuang, a female fashion designer from Hong Kong, who has been passionate about fashion since childhood. I graduated from Oxford University College of Art and Design and have been deeply influenced by both Eastern and Western cultures, so I am able to blend traditional and modern elements in my designs to create unique pieces.”
In addition to the profile information, the hacker also modified the “Experience” and “Education” sections. The personal experience section now read: Founder at Jilla Active (May 2017 – Present) in London, UK. The description added was: “Jilla Active is more than just activewear; it’s about solidarity and community love. We encourage everyone to embrace an active lifestyle with fashion-forward, comfortable clothing.” This change was made to present a professional, credible appearance.
The hacker also updated the education section with fake details about attending prestigious universities. The profile now claimed that the individual had studied at the University of Oxford in a postgraduate program for Literature & Art from 2008 to 2012. This made the account look even more legitimate, providing further deception to anyone who might review the profile.
The Widening Problem of LinkedIn Hacking
What I found concerning, however, was the realization that I wasn’t alone. Many other LinkedIn users had faced the same ordeal of hacking and account takeover. In my research, I discovered that many of the hacked accounts were connected to a particular name: Jilla Active, a London-based women’s activewear brand. While it’s unclear whether the company itself was involved, or if they were aware of the situation, the pattern was undeniable. It seemed that many hacked accounts had a connection to this brand.
The Cyber Express has reached out to the organization to learn if more incidents or individuals had reported of similar hacking incidents linked to their name. However, at the time of writing this, no official statement or response has been received.
It became clear that hackers were targeting individuals with LinkedIn profiles connected to certain businesses or brands, especially those who may have had higher visibility or valuable connections. After hacking the accounts, they would quickly alter the name, email address, backup email, profile URL, and other details to make the profile appear completely different from the original.
The Importance of Two-Factor Authentication (2FA)
Through my recovery process, I learned a valuable lesson: two-factor authentication (2FA) is no longer optional; it’s essential. Cyble repeatedly emphasized how 2FA could have prevented this breach. By requiring an extra layer of security beyond just a password, two-factor authentication can block most unauthorized login attempts, even if the hacker knows your password. This experience prompted me to immediately enable 2FA on all my accounts, including LinkedIn, to prevent any future hacking attempts. It’s a simple step that can save your accounts from being taken over by malicious individuals.
The hacking of LinkedIn accounts is becoming an increasingly common phenomenon. Hackers are not just stealing passwords anymore—they are taking full control of accounts, altering profiles, and using them for various malicious activities. These account takeovers are often linked to fraudulent business ventures, scamming individuals, or gaining access to sensitive professional networks.
In my case, the hacking of my LinkedIn account was a personal wake-up call. But after extensive research, I found that it wasn’t an isolated incident. Many others have been victims of LinkedIn hacking, and the trend appears to be growing.
Final Thoughts and Ongoing Investigation
While I have regained control of my LinkedIn account, the damage caused by the hackers is overwhelming. They erased my past posts, endorsements, and achievements, leaving only a shell of my professional presence. The incident is still under investigation, and I will continue to monitor the situation.
It’s important to stay alert and aware of the threats that lurk online. The trend of LinkedIn account hacking is on the rise, and all professionals should take steps to secure their accounts. Enabling two-factor authentication, using strong, unique passwords, and regularly checking your account activity can help protect against this kind of cyberattack. As of now, The Cyber Express will continue to monitor this issue, and I will provide further updates as the investigation into these hacked accounts progresses.
