How to Recover a Hacked LinkedIn Account (2026 Guide)

Why a Hacked LinkedIn Account Is Different

A compromised LinkedIn account carries risks that go beyond most other platforms. Your connections trusted you professionally. Hackers exploit that trust — sending phishing links to your network, impersonating you to scam business contacts, or demanding payment to return access. Meanwhile, years of career history, endorsements, and business relationships sit locked behind someone else's password.

Acting fast matters. The longer an attacker controls your account, the more damage they can do — and the harder recovery becomes. This guide covers every step, in order, from the moment you realize something is wrong.

Step 1: Determine Whether You Can Still Log In

The first question is simple but critical: can you still access your account at all?

If yes — you caught this early. The attacker has accessed your account but has not yet locked you out. Move immediately to Step 2 before that changes.

If no — the attacker has already changed your email address, phone number, or password. Skip to Step 3 for the locked-out recovery path.

Step 2: Secure Your Account If You Still Have Access

If you can log in, do the following in this order:

1. Change your password. Go to Settings & Privacy → Sign-in & security → Change password. Choose a long, unique passphrase you do not use anywhere else.
2. Terminate all active sessions. In Sign-in & security → Where you're signed in, end every session you do not recognize.
3. Verify your contact information. Confirm that your registered email address and phone number are still yours and have not been swapped.
4. Enable two-factor authentication (2FA). Under Sign-in & security → Two-step verification, add a mobile authenticator app or phone number. This means a stolen password alone cannot unlock your account again.
5. Revoke suspicious app access. Go to Settings & Privacy → Data privacy → Permitted services. Remove any third-party apps you did not authorize.

Step 3: Reset Your Password If You Are Locked Out

Go to linkedin.com, click Sign in, then Forgot password. LinkedIn will send a reset link to your registered email or an SMS code to your phone. Follow the link and create a new strong password.

If the attacker already changed your email or phone number, this step will not work — the reset message goes to an address you no longer control. Proceed to Step 4.

Step 4: Submit LinkedIn's Compromised Account Report

LinkedIn has a dedicated process for accounts that have been taken over. Open the LinkedIn Help Center and navigate to Report a compromised account. Submit the form with your profile URL and a clear description of what happened.

After submission, LinkedIn initiates identity verification through Persona, their third-party identity provider. You will need to upload a clear photo of a valid government-issued ID — a passport, national ID card, or driver's license. LinkedIn reviews these submissions within 2 to 3 business days in most cases, though complex situations can take up to two weeks.

For additional verification steps and troubleshooting if the initial form does not work, see LinkedIn's identity verification guide.

Step 5: What to Do When LinkedIn's Process Fails

LinkedIn's self-service appeal system is inconsistent. Many users submit identity verification and receive no response, or get a generic denial with no explanation. If you are stuck here, you have two practical paths.

Legal escalation under EU law

As an EU platform user, you have enforceable rights that LinkedIn is legally required to respect:

• GDPR Article 15 (Right of access) — You can demand that LinkedIn explain what happened to your account data and document who accessed it.
• DSA Article 20 (Notice and action obligations) — LinkedIn must provide a clear, specific reason for any account restriction, not just a reference to Terms of Service.
• DSA Article 21 (Out-of-court dispute resolution) — If LinkedIn's internal process fails, you can escalate to a certified dispute resolution body.

You can also file a complaint with the Data Protection Commission in Ireland, which supervises LinkedIn's EU operations. The DPC fined LinkedIn €310 million in 2024 for GDPR violations, which signals that regulators take these obligations seriously.

Professional recovery

If you need your account restored quickly and do not want to navigate legal filings alone, professional recovery services handle this on your behalf. Services like Recover submit structured legal arguments citing GDPR and DSA to reach real staff inside LinkedIn rather than relying on automated appeal queues. With a 97% success rate and 96% of cases resolved within 30 days, it is the most reliable option when self-service options have failed.

Pricing for a personal LinkedIn profile starts at €290, with a pay-after-recovery option available: a €19 deposit upfront, and the full fee charged only if recovery succeeds. If recovery fails, you owe nothing beyond the deposit. For more details on pricing tiers, see the pricing page.

After Recovery: Close Every Door the Attacker Used

Regaining access is not the end. A recovered account is still at risk if you do not remove the attacker's foothold:

• Enable 2FA immediately if you have not already done so.
• Audit every connected app in Permitted services and remove anything unfamiliar.
• Alert your professional network if the attacker sent phishing messages or fake job offers from your account.
• Download your LinkedIn data archive (Settings → Data privacy → Get a copy of your data) to review what was changed or exported during the compromise.
• Consider using a password manager to generate and store a strong, unique LinkedIn password going forward.

If your account was not hacked but restricted for another reason, see our guide on LinkedIn account restricted: how to reactivate it.

Sources

1. LinkedIn Help — Report a compromised account
2. LinkedIn Help — Verify your identity to recover account access
3. General Data Protection Regulation (GDPR) — EUR-Lex
4. Digital Services Act (DSA) — EUR-Lex