LinkedIn Access to your account has been restricted – Final debrief and resilience plan

2024 May 30th, cruising along the internet, doing my posts, sending some contacts invites, and giving shit to the #clowd as usual (cloud=leak, connected=hacked). Damn, no public cloud for anything other than public data. Please.

Did my morning routine, and went for lunch. Checked my phone, and an email from LinkedIn came in:

I read this, and I’m like, hell, someone tried to hack my account ! And I even feel thankful that LinkedIn actually protected my account from this fraudulent activity ! … You know, I rant against the cloud, I point security issue hoping people avoid them, I collaborate, share awareness and do things for good. (I don’t want my private data to leak from the cloud, or anyone else’s data either).

I want security and privacy by default and by design. So I wrap my lunch and go on the computer.

Try to log in to figure out what the hell (is this that PDF that a random guy sent me for review? Did it steal my OAuth session? … all these kinds of things cross my mind. When you are sharing a lot of strong opinions like me, you always have a bunch of haters).

And that’s the screen I get :

I read this, especially the part that says « your content doesn’t comply with our Professional Community Policies », and then I’m like, WTF is this ! Double check the rules, nah, nothing really. Doesn’t make sense.

So I’m like, I’ll wait a bit, I assume I’m just logged out. Check LinkedIn help, but when you are logged out like this, you can’t access much !

I start to get paranoid, I think I really annoyed the cloud gods (M$), or maybe it was that post that I made, about the Quebec government, which was about to waste billions of dollars in this shitty public cloud mixing Azure and AWS… but I didn’t make it up, it was just highlighting public info from a mainstream article (I’m always careful, I only share information from known sources, despite all the tips and disclosures I receive, I’m careful, avoiding lawsuits and liability).

Part of my company activity is managing LinkedIn pages for other businesses, Cyber Security firms, and others. I also post brand partnership content, like the amazing Cynomi company, which I also use for my vCISO work. Being locked out, I can’t deliver my engagement (writing content, posting on their behalf)…

I try to login again, same BS « content doesn’t comply with our… », can you tell WTF you didn’t like ? nope, they won’t.


I start to search online, and I realize that this is happening to a bunch of people, which I never realized (I’ve been shadow banned, but I could still access my content, not this time), and I found this: https://expandi.io/blog/linkedin-account-restricted/

Again, I wonder what did I do wrong ? I get hooked to « too many connection requests », true that, I sent dozens of them in the past week, to CISOs, CSOs, CIOs… you know, getting more insight, and visibility.

I let this go for the night and hope that next day stuff is resolved, after submitting many support requests on LinkedIn public help pages. These are frustrating because when you post/submit the form, you get redirected to a related topic, and get no confirmation whatsoever, no email, nothing.


Next day I ask my buddies on Signal if they still see me, nope… ask other buddies, not only do they not see me, but our chats are now showing a warning, that malicious content was sent to them (almost looking like a criminal), although it shows « LinkedIn Member », with different warnings, the softer like this one:

And for some others, a red warning, or black warning.

I think the worst is that you have NO IDEA WHY! You don’t know what you did wrong.


I know tons of LinkedIn people, I did mentorship, I’ve been invited to record LinkedIn courses (which I didn’t have time to at the time), yet, we did interviews. As LinkedIn top voice in 2020, they verified my ID, sent me a hoodie from LinkedIn, with a thank-you note (hell they know where I live). It’s not as if they don’t know me.

I verified my ID, I’m cleared for some sensitive things too, the government and LinkedIn know it all.

But at this point, I realize that I didn’t keep most of the info out of LinkedIn. My speaking engagement history, my certifications, all of this, no track !

At the same time, I still try to figure what did go wrong, what did I do ! Was it a sponsored link that I forgot to check as « brand partnership » ? …. to be banned like this, it must be serious (well it’s not ! )


Thankfully, some communication happened by email, and some key contacts who invited me to events where I actually had lunch at the table with LinkedIn infra management and others!! (damnit, we are connected on LinkedIn, but not outside), well, the person that got me as guest, is in my inbox.

I email him, and it starts! What I didn’t know is that LinkedIn has been wiping people like this for a while, and that it has gone totally nuts. My friend is so pissed, he sends an email to the LinkedIn CEO, and the head of trust and safety. At the same time, I start to receive emails from partners and friends.

People have no idea why you disappear, and you have no way to tell them, no I didn’t die, I didn’t kill myself. Some of you know, second half of 2023, I went in bad bad burn out, chronic stress and anxiety, and I did stay offline for a few months.

One of my partners sent me this beautiful email:

(the type of kindness that gets some tears in my eyes, in adversity, true people shine, and some others show they are real fuckers)

Feeling support from your business partners, friends, and network is critical as you are deleted from the professional world. Let’s say it, LinkedIn is where business connects, if you’re forced out, that’s over. I know other platforms exist, but business and job, that’s LinkedIn (for now).


Then it escalates, my partners from all over the world who work WITH linkedin, reach out to their contacts. I’m also member of many groups, one of them being Hackers Without Borders. People that do good and help others.

As soon as they heard about it, they kicked in, coordinated response, they had to fight big corporations before for abuses, these guys are no kids. The team coordinates and starts a public communication campaign. (I know a LOT of people, I helped big organizations, countries, governments, law enforcement, and others, I mean, I’d never bug them for a favor, unless it’s becoming critical, I could have escalated, way more).

They started to post this « Alexandre Blanc missing » picture :

I gave the group as many contact names as I could remember. I did borrow the account of someone else, to browse some key contacts of mine, and help my memory to spot other people I was connected to.

Basically, the ones I have, from top of my head, direct discussions with. At the same time, I avoided customers, as much as doable, not to mix the situation.

And my buddies tag them in the post, then it started to blast ! People reaching out by email, on my blog here, as I did post about my deletion here.

Email started to get in, my twitter account started to receive messages, I started to be in CC with escalation all over. Specialist of social media account recovery kicked in.

I received support basically from all over the world, anywhere I gave conferences, webinar or brought value, they’ve shown support. From Malaysia to India, from Europe to USA, from Israel to the Emirates ! All over the planet, thousands.


Law practices and activists joined, lawyers and legal counsel speaking about coordinating a class action, activists reaching out to politicians about the abuses of big tech. It was about to blow up in the media, due to the lobbying groups, and contacts. A shit storm bigger than me.

I felt a bit scared, because it was way bigger than me. I didn’t control the response anymore.

A social media specialist gave me this URL, telling me that’s the one with which they had success recovering accounts in such situations: https://www.linkedin.com/help/linkedin/ask/TS-RHA

Keep this handy, it seems to be one of the most relevant pages, if you tried all the other forms, as help pages are not easy to find when you are locked out.

On June 8th, at noon, 10 days after I got kicked out, I received an email from LinkedIn customer support as follows:

First, after all the scenario and hypothesis that came to mind, everything I did read online, it was just that ?!!!!

I was like WTF, can’t you just hide the post for the time of the review ? (it did happen before, they’d tell you that post visibility is limited to you due to bla bla bla with a specific post) but locking me out 100%, a verified identity, linkedin top voice, because one link came at risk (and it was a false positive), what are you smoking ?!!!!

30 min later, I receive this email :

So, you tell me, that you deleted my account, blocked my business, make me appear as a criminal to all my contacts who looked for messages, because of a false positive !! Are you kidding me ?

Not only this, but it takes 2 days to restore everything, so that’s 12 days of business loss (as content creator and social media service provider) !!! 12 DAYS !


I know I’m lucky, because dozens of people reached out, in the same situation, some are still locked out, after weeks, some months ! I complain about 12 days, but the platform killed many businesses with its erratic behavior and fake positives.


Key aspects to consider here when you are « restricted » :

  • You better keep your contacts out of this platform, make sure you have a good old address book
  • You better keep a copy of all your content, profile, articles, etc., on an external platform (I had my speaking engagement history stored in an article, I didn’t have it anywhere else), same thing with my profile / bio… the only up-to-date one was on LinkedIn.
  • You better keep another, if not many other platforms active, like X. I know it’s not better, but this is where people, businesses, have accounts for most. You have to be where people are.
  • Then for sure you should have a Mastodon account, and ideally, your own blog, on your own server, with your own backups.
  • You should make sure you keep your key contacts on Signal / Telegram. When getting in touch with people, I never want to bug them or disturb, and I’m most of the time shy to even ask for a phone number (I don’t like when people call me either :P you know, geek :P ). But hell, you need to keep this information.
  • You should be part of communities outside of LinkedIn, Signal groups, I don’t know, FSF, EFF, and others, making sure you know people and have even had an online call with them. This way, you know who’s who and it’s easier to get support if need be.

What I’ll do differently from now on ?

  • I’ll post both on LinkedIn AND X (Twitter) for redundancy
  • I’ll keep contact information out of LinkedIn as much as doable (good old email is good enough sometimes)
  • I’ll post more on my blog, here, because it’s mine. I can say « shit, fuck, cloud is shit » or any fuckery I want, it’s my stuff. (sorry for swearing, it’s just that I won’t censor myself)
  • I’ll trust goodwill a bit more. I tend to be paranoid, but community has been amazing, they gave me hope!
  • I’ll learn more and adjust over time

Did they try to delete me because I’m challenging the public cloud for all its abuses and weaknesses ? what is the real reason behind the suspension ? I really can’t believe an OWASP.org link triggered that.

I think they may have run into a quick BS fake reason, seeing the amount of support growing. I like to think this. I can’t believe it could be as dumb as a false positive. But who knows.

So what’s the resilience plan :

  • Make sure you have multiple accounts as admin or content admin on the pages you manage, including your own company
  • Make sure you leverage the network you build outside of LinkedIn
  • Make sure you keep multiple channels on multiple platforms (with MFA and all) so that people can reach out
  • Keep an active website, or blog, so that you still have a way for others to share the information you want or need.
  • Check on your contacts on a regular basis, check your LinkedIn messages, and see who suddenly turned into « LinkedIn Member ». It would be cool to keep an intro message in every conversation with « Hi, I’m firstname, lastname, happy to bla bla bla », so that when the name is deleted, you know who it was.
  • Back your LinkedIn connection with a personal welcome email.
  • Ok, it’s late, I’m tired. I may add more later on this. All the best !

Monday, June 10th, 2024 Technology