More than 6 Million Passwords Stolen from LinkedIn

June 7, 2012

By Darrin Clouse:

LinkedIn confirms that more than six million of its users’ accounts were compromised, after a hacker posted a list of stolen user passwords on a Russian internet forum. The confirmation prompted LinkedIn to send out a mass alert, instructing all of the affected users to immediately change their passwords. Several of us here at the Consumer Warning Network received that vague email from LinkedIn, mentioning nothing more than a need to reset our password.

A dual assault?

eHarmony, an online dating site, also announced it had been victimized by the same attackers that wreaked havoc on the LinkedIn site. Investigators working on the LinkedIn breach became suspicious when they noticed a large number of the posted passwords contained the word Harmony or eHarmony, and after further inspection, their theory turned out to be true. eHarmony estimates 1.5 million passwords were stolen from its users.

But wait, there’s more!

As with any disaster, the damage seems to feed off itself, opening up opportunities for other disreputable scams.

The increasing wave of fear generated by this recent lapse in security has most likely spawned another hoax: a spam campaign that uses service messages pretending to be from LinkedIn. Be careful not to fall for any fakes trying to get your information. As of yet, no connection has been established between the data breach and the spam messages, but the timing seems suspicious.

How to recognize the scam

The bogus LinkedIn message, designed to look like a formal communication from the site, asks the recipient to confirm his or her e-mail address by clicking on the provided link. That click will transfer the new victim to an illegal online pharmacy selling Viagra and other medications. Getting sent to one of those ad sites is always the tell-tale sign of a hack job.

The campaign couldn’t come at a worse time for LinkedIn, which has been using e-mail to communicate with its members affected by the massive breach of its systems.

How to tell if LinkedIn communication is legit

LinkedIn is using a two-step process in their attempt to clean up this mess. Users affected by the breach will first receive an e-mail without any links in it. It informs the member that they must reset their password and provides them with steps for doing so.

LastPass, a password-management firm, is offering a free security check for anyone who thinks their password might have been stolen. Its site provides specific tools for checking either your LinkedIn or your eHarmony password.

Knowledge is Power

Online corruption will always be around. In fact, hacking techniques advance at about the same pace as legitimate technology. The consumer’s best defense is to stay informed and up to date with the latest privacy control options. Keep in mind how much of your personal information sits right inside your online device; it’s worth protecting.