June 16, 2026
My LinkedIn Account was Hijacked — but it gave me a better view of (most of) humanity
annmariastat
How did this happen? As someone who runs a tech company, you would think I would know better. In my defense, I was an idiot — or busy. Sometimes it's hard to distinguish between the two. I should know better and I am making this public confession so that some of you will change your passwords and add two-factor authentication now.
I feel like I owe you all because so many people kindly responded to the hacker with their email or phone number saying yes, they would help out my (non-existent) friend. The hacker had access to my account for less than 48 hours. It might have been longer except that Eric hit me up on Facebook and said, "Hey, I got a message from your LinkedIn account and I don't think it was from you."
(If you really DO want to help me out, you can sign up for our webinar on Jul 15, 2026 to get a free copy of 7 Gen Blocks and learn how to make educational games. You don't need a password to sign up! I'll even send you a link to the video and the free download even if you don't attend.)
Once I got my account back, I saw all of you who responded to "my" message. You are some very nice people. In the interest of the public good, here are the mistakes I made and the easy fix to get your account back.
Also, if you got a response before Thursday, it may well have not been from me. I am not teaching judo lessons nor do I have a young friend who needs help.
Mistake #1 — Not changing my passwords on low priority accounts
On many accounts, I had not changed my password in three years. Most of those accounts, I had completely forgotten I had ever signed up for.
I know, I know, you're supposed to change your passwords regularly, but we've been working on our 7 Gen Blocks game builder for the past three years (yes, three years) and are now on our third and final iteration. That seemed a bigger priority than changing my password on some random site I had to sign up for to download a white paper two years ago.
Wrong!
Start changing your passwords now. I had a lot I needed to change.
Mistake #2 Re-using passwords on low priority accounts
For things like my bank account, I have strong passwords and two-factor authentication. For sites like sign_up_to_read_this.com I used the same random password. My thought was, "What do I care if someone else uses the account the parking garage at the LA Convention Center required? It's not as if my bank account is connected to it."
Well, years ago, I was never on LinkedIn and it fell in that category of not important. Then, I started using it a lot more but never changed my password.
Mistake #3 Not having two-factor authentication
See below.
The Hijacker and How I Got My Account Back
When I saw the messages, I assumed it was some automated program. It was not. It was an actual person. How do I know this?
I was logged in on my laptop. When I went to change my password, I couldn't do it because my account had been changed to have two-factor authentication and that authenticator was on someone else's device. It also showed I was logged in in Virginia (I wouldn't be surprised if it was not actually Virginia).
I posted on LinkedIn that my account had been hacked and that any messages from me were fake. Within minutes, the account had been taken private and I was logged out. It probably would have been smarter if I had contacted LinkedIn first.
Here is the link to report a compromised account:
https://www.linkedin.com/help/linkedin/ask/TS-RHA
Here is information on what to do if your account is compromised:
https://www.linkedin.com/help/linkedin/answer/a1340402
I could not do two of those things, reset my password or set up two-factor authentication, because the hijacker had already set up authentication to their own device.
I submitted the form to LinkedIn and Diana, our project manager at 7 Generation Games, also submitted a form for "someone I know". Since my account had been taken private, she could not provide the URL or show connection.
I will say that LinkedIn rocked. I was a little concerned because I read online that it could take five days or more to get your account back, but they sent me an email within a couple of hours that it was back.
Log out of other locations!
This may have been a loop if I hadn't, shortly after getting my account back, checked to see if it was logged in elsewhere. I had assumed that LinkedIn would have taken care of that, but I saw I was still logged in, supposedly in Washington state. I logged out that device and I was back.
I hope this is helpful. I really do appreciate that so many people responded to the fake messages that they were ready to help. I did not ask for anyone's email or phone number, so if you got that request, it wasn't from me.