Hackers have launched a new phishing campaign against LinkedIn members that uses compromised LinkedIn accounts to send messages with malicious links and downloads to potential victims in an attempt to steal credentials and personal information.

The campaign, first spotted by security researchers at cybersecurity firm Malwarebtyes, makes use of real LinkedIn accounts that have been compromised in order to make the phishing messages sent via LinkedIn’s messaging system appear legitimate. According to Malwarebytes researchers, the attackers have managed to hijack a number of LinkedIn member accounts.

A low-tech but cunning malware program is worrying security researchers after it started spreading rapidly in the past week through a new attack vector: by forcibly exploiting vulnerabilities in Facebook and LinkedIn. According to the Israeli security firm Check Point, security flaws in the two social networks allow a maliciously coded image file to download itself to a user's computer.

Users who notice the download, and who then access the file, cause malicious code to install Locky ransomware onto their computers. Locky has been around since early this year, and works by encrypting victims' files and demands a payment of around half a bitcoin (currently £294; $365) for the key.

Last month, information associated with more than 100 million LinkedIn accounts has emerged online, and malicious campaigns that abuse this user data have started to appear. 

Stolen account information that ends up on the Dark Web isn’t always used to take over accounts, but can be abused in many other ways, including the spreading of malware. CERT warned that malicious emails containing fake invoices as Word documents contain a personal salutation and business role of the receiver. The names and business positions in these emails were associated with the LinkedIn leak, being consistent with public LinkedIn profiles.

A seemingly benign group of hackers is taking over the social media accounts of big personalities in the wake of the leak of hundreds of millions of LinkedIn passwords.

The group claims to have recently hacked the accounts of, Twitter co-founder Biz Stone, Minecraft creator Markus “Notch” Persson, actor Sawyer Hartman, and pop star David Choi, among others. The only thing these targets have in common is that they are relatively famous, and all have a LinkedIn account. It’s unclear how the hackers are taking over the accounts, but there’s some circumstantial evidence that supports the theory that they might be using passwords stolen from LinkedIn back in 2012.

Data from an older LinkedIn data breach has surfaced online, and a hacker known as Peace_of_mind is selling it for 5 Bitcoin on the Dark Web marketplace TheRealDeal. LinkedIn suffered a massive data breach in 2012 when hackers breached its servers and stole some of its user records.

Later, the hackers posted 6.5 million of the stolen records online, complete with user passwords in hashed format. Peace claims that this data is part of that 2012 breach. He claims to have details about accounts but said that only about 117 million include hashed passwords.

Unlike the majority of social media sites, LinkedIn is business oriented and focused on networking. This allows it to stand out and has contributed to its immense popularity. However, as we’ve mentioned in the past, as with any form of social media, the more popular a network is, the more likely the chance of security issues.

With the site’s focus on professionalism, it is safe to say that the risk of someone sharing embarrassing photos with too public of an audience shouldn’t be an issue. Well if you are sharing those types of photos on LinkedIn, you may want to reconsider how you are using the platform, because that not exactly what it’s for.