LinkedIn Account Hacked? How to Recover and Secure It (2026)


Technobezz

Senior Editor

Jun 6, 2026

Your connections are messaging you asking why you just sent them a strange link, and you never wrote it. Maybe you opened LinkedIn this morning to find a sign-in alert from a country you've never visited, or your password simply stopped working overnight. Whatever tipped you off, that sinking feeling is real, and so is the fix. Most compromised LinkedIn accounts can be recovered, and the steps below are ordered so the fastest, most common fixes come first, with the heavier official channels held in reserve for when you're fully locked out.

Before you touch anything, one ground rule keeps you safe throughout this process. Start recovery on a device, browser, and network you've used to sign in to LinkedIn before, because a familiar setup is more likely to be recognized and less likely to trigger extra verification. Do not create a brand-new LinkedIn account to report the hacked one, because recovery always runs through your existing account. And no matter who contacts you, never share a password, a verification code, or a two-factor code with anyone. Real LinkedIn support will never ask for them.

Confirm the Compromise Before You Panic

A few odd notifications don't always mean a hijacking, so take ten seconds to confirm what you're dealing with. The clearest signs are connections reporting messages or invitations you never sent, posts or comments appearing under your name that you didn't write, a password that no longer works, or an email from LinkedIn noting a sign-in or profile change you didn't make.

If you can still get into your account, the active-sessions list (covered below) will tell you definitively whether someone else is signed in. If you can't get in at all, treat it as compromised and move to the locked-out reset flow. Either way, act quickly, because the sooner you cut off the attacker's access, the less damage they can do under your name.

Change Your Password and Force a Fresh Sign-In Everywhere

If you can still get into your account, changing your password is the single most important first move, and LinkedIn's own compromised-account guidance lists it as the first immediate action. While signed in, follow this path:

  1. Click the Me icon, then go to Settings & Privacy > Sign in & security > Change password.
  2. Enter your current password.
  3. Enter a new strong password that you don't reuse anywhere else, ideally a long passphrase.
  4. Retype the new password to confirm it.
  5. Check the box for "Require all devices to sign in with new password" so the attacker is forced out.
  6. Click Save password.

That last checkbox matters more than it looks. Changing the password alone doesn't always boot existing sessions, but requiring all devices to re-authenticate does, which means whoever was riding your session loses access the moment you save.

Reset Your Password From the Sign-In Page When You're Locked Out

If your password no longer works, the fastest route back in is the self-service reset, and it works as long as the attacker hasn't yet changed the email or phone number on your account. On the LinkedIn sign-in page, click "Forgot password?" (or go directly to www.linkedin.com/uas/request-password-reset).

  1. Enter the email address or phone number on your account.
  2. LinkedIn sends an authentication code by email or text.
  3. Enter that code on the next screen.
  4. Set a new password.

One safety note while you're here. Confirm you're on the genuine linkedin.com domain before you type anything. Phishing pages that mimic this exact reset screen are common, and the code LinkedIn sends you is for you alone, never to be shared or entered anywhere but the real site.

Kick the Attacker Out of Every Open Session

A new password is only half the job if the intruder still has a live session. Check who is signed in and end anything you don't recognize. Click the Me icon, then go to Settings & Privacy > Sign in & security > "Where you're signed in."

Each session listed shows details such as its location, IP address, device type, browser, and last sign-in time. Compare that against where and how you actually use LinkedIn. To clear everything in one move, choose to sign out of all those sessions, enter your password, and confirm. LinkedIn's own advice is blunt here: if you don't recognize a login or device, change your password.

Report the Account to LinkedIn When Self-Service Isn't Enough

Sometimes the attacker has already changed your password and login details, or you're staring at profile changes you can't undo from inside. That's when you escalate to LinkedIn directly. Submit the "Report Unauthorized Account Access or Changes" form, which is reached from LinkedIn's official "Report a compromised account" Help page at www.linkedin.com/help/linkedin/answer/a1340402.

Include your profile URL if you have it, since it helps LinkedIn locate and confirm the account is yours. After you submit, LinkedIn verifies ownership and then helps you regain access. There is no documented timeline for how long this review takes, so don't anchor on figures you may see floating around elsewhere, because LinkedIn's Help pages simply don't state an end-to-end recovery duration. Keep an eye on the email tied to your account for follow-up.

Prove Who You Are With a Government ID

If the attacker has cut you off from the account's email and phone, you can no longer receive a reset code, but there's still an official path. On the sign-in screen click "Forgot password," enter the email or phone on the account, and when you can't receive the code, choose the option that says you can't access that email.

LinkedIn then verifies your identity through its provider, Persona. You select your ID's country, may be asked to take a selfie, and photograph a valid government-issued ID card, driver's license, or passport. After you submit, LinkedIn processes the verification to restore your access. This same identity-verification path is what you'll use if two-factor is in your way and you no longer have the phone tied to it.

Two reassurances on privacy and safety. LinkedIn states that the government-ID data you submit through Persona is generally permanently deleted within 14 days of submission. And before you upload any ID, double-check you're on the genuine LinkedIn domain and the legitimate Persona flow, never a look-alike page. On that note, do not pay any third-party "account recovery service" promising to get you back in faster. The official routes above are the real ones, and a paid middleman can't do anything LinkedIn won't do for you directly.
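Both the password-reset note and the ID-upload note above come down to reading the address bar correctly, and a page can contain the text "linkedin.com" without being on that domain. The sketch below is an added example, not LinkedIn's code: it parses a URL the way a browser does and accepts it only when the actual host is linkedin.com or a subdomain of it. The function name and the look-alike addresses (on reserved example domains) are constructed for illustration.

```javascript
// Added example: is this URL really on linkedin.com?
const TRUSTED_DOMAIN = "linkedin.com"; // the domain the article says to confirm

function checkLinkedInUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser, the same rules a browser applies
  } catch {
    return { ok: false, reason: "not a full URL (scheme missing or malformed)" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // Text before "@" is login info; the site actually contacted comes after it.
  if (url.username || url.password) {
    return { ok: false, reason: "text before @ hides the real host " + url.hostname };
  }
  // hostname is lower-cased by the parser and non-ASCII look-alike letters
  // arrive as xn-- punycode, so they can never compare equal below.
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Accept the exact domain or a true subdomain only. Substring tests such as
  // includes("linkedin.com") would pass "linkedin.com.example.net".
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return { ok: true, reason: "host is " + host };
  }
  return { ok: false, reason: "host is " + host + ", not " + TRUSTED_DOMAIN };
}

// Constructed samples: the two LinkedIn paths named in the article (with
// https:// added) followed by look-alikes on reserved example domains.
const samples = [
  "https://www.linkedin.com/uas/request-password-reset",
  "https://www.linkedin.com/help/linkedin/answer/a1340402",
  "https://linkedin.com.example.net/uas/request-password-reset",
  "https://www.linkedin.com@example.net/uas/request-password-reset",
  "https://secure-linkedin.example/uas/request-password-reset",
  "http://www.linkedin.com/uas/request-password-reset",
];
for (const s of samples) {
  const r = checkLinkedInUrl(s);
  console.log((r.ok ? "OK    " : "REJECT") + " " + s + "  (" + r.reason + ")");
}
```

The rule to take away is that the real domain is whatever sits immediately before the first single slash after https://, read right to left, and nothing that appears earlier or later in the address counts.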

Turn On Two-Factor Authentication to Lock the Door

Once you're back in control, the most important thing you can do is make sure this can't happen the same way twice. Enabling two-factor authentication is one of LinkedIn's listed steps for securing a recovered account. Click the Me icon, then go to Settings & Privacy > Sign in & security > Two-factor authentication and turn it on.

You'll choose a method. LinkedIn supports two: text (SMS) and an authenticator app, and it recommends an authenticator app such as Microsoft Authenticator over SMS. You may be asked to re-enter your password to confirm the change.

If you were the one locked out because you'd lost your 2FA device, there's a clean path back. If you're still signed in on another device, go to Settings & Privacy > Sign in & security > Two-factor authentication and turn it off, then set it up again with a method you control. If you have no active session, sign in with your username and password and, when prompted, verify your identity through Persona as described above. Note that turning 2FA off makes LinkedIn forget all previously recognized devices, which is exactly what you want after a compromise.

Undo the Damage the Attacker Left Behind

Regaining access is the milestone, and cleaning up is the finish line. Go through your recent posts, comments, messages, connections, and follows, and delete anything you didn't do. Spam links sent under your name can damage your reputation, so be thorough.

LinkedIn can also help reverse the mess. Invitations the attacker sent that haven't been accepted can be withdrawn, posts or comments shared during the unauthorized access can be removed, and messages the intruder sent are moved to recipients' spam folders or labeled with a warning. It's also worth letting a few close connections know your account was compromised so they ignore anything odd it sent.

Frequently Asked Questions

How long does it take to get my LinkedIn account back?

There's no official timeframe published by LinkedIn for completing a recovery, so any specific "minutes" or "weeks" figure you see should be treated with skepticism. The self-service password reset is usually immediate if you still control your email or phone, while the report form and identity-verification routes take as long as LinkedIn needs to confirm you're the owner.

Do I need a Microsoft account to recover my LinkedIn login?

No. Although LinkedIn is owned by Microsoft, it uses its own standalone LinkedIn login, not a Microsoft account. You recover it through LinkedIn's sign-in page, password reset, and Help center, not through Microsoft account recovery.

What if the hacker changed the email and phone on my account?

Use the identity-verification path. On the sign-in screen, click "Forgot password," enter the email or phone on the account, and choose the option that says you can't access that email. LinkedIn then verifies you through its provider, Persona, using a government-issued ID card, driver's license, or passport to restore your access.

Does LinkedIn give me backup codes for two-factor authentication?

LinkedIn's official Help pages on two-factor authentication don't document any backup-code or recovery-code system. If you lose access to your 2FA method, the official path is to turn 2FA off from another signed-in session, or to verify your identity through Persona when you have no active session.

Will paying a recovery service get my account back faster?

No, and you should avoid them. Everything required to recover your account is available for free through LinkedIn's official password reset, the "Report Unauthorized Account Access or Changes" form, and Persona identity verification. A paid third party can't access anything LinkedIn won't give you directly, and handing over your details to one is itself a risk.

How do I make sure this doesn't happen again?

Turn on two-factor authentication using an authenticator app rather than SMS, use a strong passphrase you don't reuse on any other site, and periodically check Settings & Privacy > Sign in & security > "Where you're signed in" to confirm no unfamiliar devices have access. Never share a verification or two-factor code with anyone, since legitimate support will never ask for one.
