We recently became aware that some LinkedIn passwords were compromised
and posted on a hacker website. We immediately launched an
investigation and we have reason to believe that your password was
included in the post.
To the best of our knowledge, no email logins associated with the
passwords have been published, nor have we received any verified
reports of unauthorized access to any member’s account as a result of
this event. While a small subset of the passwords was decoded and
published, we do not believe yours was among them.
The security of your account is very important to us at LinkedIn. As a
precaution, we disabled your password, and advise you to take the
following steps to reset it. If you reset your password in the last
two days, there is no need for further action.
THIS IS A SCAM - LINK WILL STEAL YOUR INFO
1. Type [url]www.linkedin.com/settings[/url] directly into your browser
2. Type in your email address and press Sign In, no password necessary
3. Follow the on-screen directions to reset your password
Note: Do not reuse your old password when creating your new password.
If you have been using your old LinkedIn password on other sites, we
recommend that you change those passwords too. We appreciate your
immediate attention to resetting your password and apologize for the
The LinkedIn Team[/QUOTE]
Anyone else get this?
Last edited by WestCoastOffensive; 06-11-2012 at 11:18 AM.
[QUOTE=quantum;4487307]Where does the link go? May not be linkedin if it's a phish...[/QUOTE]
It was in the news, I think it's legit; I have to use LinkedIn at work sometimes; pesky 30-somethings that haven't paid their dues are demanding that I link them. It's all moving too fast for me :shakes cane:
[QUOTE=Lone Star Lady;4487319]Just checked. Didn't receive that email. Whew, my resume is safe (as if anyone wants it). :D
Guess you're just special, WCO. :P[/QUOTE]"Birthday" special, or Short Bus Special? :dunno: :D
[QUOTE=JetPotato;4487320]This has been all over the news for the last day or so, millions of passwords were stolen from LinkedIn. So, yes, I'm sure Trey Anastasio emailed him as a goof.[/QUOTE]Well played.
[QUOTE=JetPotato;4487320]This has been all over the news for the last day or so, millions of passwords were stolen from LinkedIn. So, yes, I'm sure Trey Anastasio emailed him as a goof.[/QUOTE]
Were you being sarcastic? Couldn't tell. Lots of places now know enough NOT to send a link in an email - they just tell you to log in and change your password. (Emails passing through compromised systems can be easily changed.)
LinkedIn Password Breach Spawns Spam Campaign
A data breach at LinkedIn, the business-oriented social networking site, has spawned a spam campaign that tries to take advantage of users worried that their passwords were among the 6.46 million posted on the Internet.
The spam campaign uses service messages pretending to be from LinkedIn, but no connection has been established between the data breach and the spam messages.
"Because similar e-mails have been circulating for some time, it is hard to say if this is an example of a coordinated scam designed to leverage the security breach made public [Wednesday], or simply a coincidence (like getting a phishing e-mail asking you to reset your Bank of America online banking password two days after you opened an account there)," Cameron Camp, a security researcher at Eset, wrote in a company blog.
The bogus LinkedIn message, crafted to look like a genuine communication from the site, asks the recipient to confirm his or her e-mail address and contains a link for doing so. Clicking the link spirits the target to an illegal online pharmacy selling Viagra and other medications.
The campaign couldn't come at a worse time for LinkedIn, which has been using e-mail to communicate with its members affected by the massive breach of its systems.
Aware that clicking on links in e-mails is a bad security practice, LinkedIn is using a two-step process. Users affected by the breach first receive an e-mail without any links in it. It informs the member that they must reset their password and provides them with steps for doing so.
After completing those steps and requesting password assistance, the member will receive a second e-mail with a password reset link.
"It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases," LinkedIn’s director, Vicente Silveira, wrote in a company blog.
LinkedIn was criticized when the breach was revealed for not "salting" the password hashes of its members. Hashing a password encrypts it so that it’s unintelligible to the naked eye. But hashing schemes yield the same hash for the same password. So for all sites using an encryption scheme like SHA-1, a password like linkedin123 would have the same hash across all the sites. That makes the hashes easy to crack with the right reference tools.
Salting the hashes adds random characters to the hash. That makes each hash unique and much tougher to crack.
LinkedIn wasn't the only website targeted by hackers this week. Online dating site eHarmony was also penetrated and 1.5 million password hashes were posted to the Web.
Hackers typically post hashes they're having difficulty cracking to the Internet to get help from their colleagues in deciphering the passwords.
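Added example, not part of the thread or the quoted article: a short Python sketch of the hashing point above, showing that a bare SHA-1 gives two accounts with the same password the same stored value, while a per-password random salt does not. The account names, the iteration count and the choice of PBKDF2-HMAC-SHA256 as the salted scheme are assumptions made for illustration; the article does not say which scheme LinkedIn adopted.

```python
import hashlib
import hmac
import os

# Constructed sample data: two accounts that chose the same password
# (the article's own example, linkedin123).
ACCOUNTS = {"alice": "linkedin123", "bob": "linkedin123"}


def unsalted_sha1(password: str) -> str:
    """The scheme the article criticises: a bare SHA-1 digest."""
    return hashlib.sha1(password.encode()).hexdigest()


def make_record(password: str, iterations: int = 200_000) -> dict:
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256, an assumed choice)."""
    salt = os.urandom(16)  # fresh random salt for every stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def duplicate_digests(table: dict) -> int:
    """Count stored values that are shared by more than one account."""
    values = list(table.values())
    return sum(1 for v in set(values) if values.count(v) > 1)


unsalted = {user: unsalted_sha1(pw) for user, pw in ACCOUNTS.items()}
salted = {user: make_record(pw) for user, pw in ACCOUNTS.items()}
salted_digests = {user: rec["digest"] for user, rec in salted.items()}

if __name__ == "__main__":
    print("unsalted duplicates:", duplicate_digests(unsalted))
    print("salted duplicates:  ", duplicate_digests(salted_digests))
    print("alice verifies:", verify("linkedin123", salted["alice"]))
```

The salt is stored next to the digest; it does not need to be secret, it only has to differ per password so identical passwords no longer share a stored value.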