My LinkedIn Account Was Compromised
My LinkedIn Account Was Compromised
It was Sunday evening and I was snuggled on the couch with my MacBook in my lap, all set to put the finishing touches to the slides for my LinkedIn webinar that I was presenting the following day. I visit www.linkedin.com and I am faced with the following screen:
I am not yet panicking as I have a big blue button to click to verify my account. Surely LinkedIn is just adding this new setting as a precaution. I was expecting to answer a few security questions such as my date of birth or to identify some of my connections on LinkedIn, but oh no, I am faced with something that makes me hesitate. LinkedIn has requested that I upload my passport, ID card or driving licence. Really? I think to myself that this surely must be some type of scam. Why on earth would a social networking site request such information?
Take the plunge!
I hit a brick wall in every direction, so I inform my staff, my freelancers, and all of my clients “do not upload your ID to LinkedIn until I give you the green light”. I wanted to make sure that my own personal data was not compromised before I let my colleagues and clients go ahead and upload their ID. I was very dubious, but I uploaded a scanned copy of my passport at 11pm on Sunday evening. By 11am the next day I had received an email from LinkedIn to say that I needed to change my password but that my account had been reactivated.
What happens next?
If you know someone who has had their LinkedIn account put on “restricted access”, then please ask them to follow these steps.
Step 1 – Verify your identity.
I can confirm that it is safe to upload either your passport or your driving licence to verify your account. You WILL need to do this before you can gain access to your LinkedIn account. I was concerned that my passport was in my married name and my LinkedIn account is in my business/maiden name but it was fine. The software for verification works via facial recognition.
Step 2 – Do NOT log-in, click “Forgotten Password”
Within 12-24 hours you will receive an email from LinkedIn asking you to change your password. Do NOT try to log in at this stage. Simply type your email address at the login screen and click “forgotten password”.
Some users received an extra email with a password reset link, but if you don’t get one, just follow the step above.
Step 3 – Chose a cryptic password
Make sure that your password uses a mix of letters, numbers and symbols. Try password generator, or 1Password, or LastPass if you are worried about passwords. Or, some of my clients tend to use two number plates that they can remember easily.
Step 4 – Request your data from LinkedIn!
During my panicky moments, I realised that I had not requested my data to be downloaded from LinkedIn. It is typical that I constantly show other people how to download data, and I make my coaching clients put it into their schedule every month, but I had not downloaded my own data for at least three months. I can hear my mum in my ear saying “Do as I say, not as I do!”. I urge you to request a full download of your data asap. Below is a video to show you how to do this. Your data will include your contacts with their information including their email addresses, the groups you are in, the companies you follow, the recommendations that you have received, etc. If you were to lose your LinkedIn account in the future then this information is crucial. Download it now and save it somewhere safe!
Step 5 – Close your open sessions asap.
When you are travelling, it is amazing how many LinkedIn sessions you leave open. This can leave you vulnerable. Make sure that when you have left that Starbucks, especially after using their guest wifi, that you close the session. Close the doors to those potential hackers!
Here is a quick video to show you how to close your sessions.
Step 6 – Review all your email addresses within your privacy area.
One of my clients had her account hacked last week and the hackers email address was actually within the privacy details on her account. Yikes! This means that he could still access the account. So once again, this should be something that you check on a regular basis. I always recommend having a minimum of two email addresses and to make sure that your work email is your primary email as this is the one showcased on your LinkedIn profile.
Step 7 – Activate Two-Step Verification
I know that a two-step verification is time-consuming, but after my recent experience, I have now activated it for my personal account. Every time I log into LinkedIn I receive a text message on my phone with a 6 digit code. I then enter this code into LinkedIn and I am ready to access my account.
To activate your two-step verification process go to the little circle with your photo in it on the top right-hand corner > privacy and settings > Privacy > Security > click “turn on” your two-step verification.
This experience has proven to me once again that you can not 100% rely on social media to build your business. I am chuffed that we have spent the last two years building content on our own website and also creating a large email subscription list. These are elements of our marketing that we do have 100% control over. It is important to not take these platforms for granted and protect yourself at every possible avenue. I still think it is a little bit strange for LinkedIn to request official government ID, but I am sure they have their reasons.