Shortly after LinkedIn confirmed about 6.5 million accounts had been compromised, some users received emails that appeared to be from LinkedIn, but were actually from opportunistic scammers!
The emails included links and told users they had to click on them to confirm their registered email accounts with LinkedIn. However, the links did not confirm your email address. Instead, they took you to an illegal online pharmacy. According to a recent MSNBC article, it is not uncommon for scammers to use high-profile events such as the recent LinkedIn and eHarmony security breaches to spread malware or sell products.
Whenever there is a high-profile event, it’s important for users to be careful about the emails they receive. For example, the LinkedIn blog posted an update shortly after the attacks that said official emails from the company would not include hyperlinks. If you receive an email from a website asking you to confirm your account information, it’s a good idea to avoid clicking on or copying links in the email. Instead, type the website’s URL into your browser and navigate to it manually.
LinkedIn update on password security
LinkedIn posted a blog update on June 7, highlighting many of the precautionary measures the company is taking to improve website and password security. In addition to working with law enforcement to investigate the issue, LinkedIn wrote it has reset the passwords of potentially affected users and implemented password salting to improve the security of its stored user data. Password salting is a security best practice that adds a random string to stored passwords and scrambles them, making it much more difficult for hackers to identify the password, unless they have the encryption key.
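To make the effect of salting concrete, here is an added example (not LinkedIn's code and not part of the original post) that stores the same passwords with and without a per-account salt and shows which table reveals reused passwords. The account names, passwords and the PBKDF2 work factor are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ROUNDS = 100_000  # assumed work factor for this example


def unsalted_hash(password: str) -> str:
    # No salt: identical passwords always yield identical stored values.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    # A fresh random salt per account; it is stored beside the hash, not kept secret.
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ROUNDS)
    return salt, digest


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    # Re-derive with the account's stored salt, then compare in constant time.
    _, candidate = salted_hash(password, salt)
    return hmac.compare_digest(candidate, stored)


def accounts_sharing_a_hash(table: dict) -> int:
    # Count accounts whose stored value also appears on another account.
    values = list(table.values())
    return sum(1 for v in values if values.count(v) > 1)


# Constructed sample: two accounts that happen to choose the same password.
USERS = {"alice": "Summer2012", "bob": "Summer2012", "carol": "x9!Lq#27vT"}

UNSALTED = {u: unsalted_hash(p) for u, p in USERS.items()}
SALTED = {u: salted_hash(p) for u, p in USERS.items()}  # user -> (salt, digest)

if __name__ == "__main__":
    print("unsalted, accounts sharing a hash:", accounts_sharing_a_hash(UNSALTED))
    print("salted, accounts sharing a hash:  ",
          accounts_sharing_a_hash({u: d for u, (_, d) in SALTED.items()}))
    salt, digest = SALTED["alice"]
    print("correct password verifies:", verify("Summer2012", salt, digest))
    print("wrong password verifies:  ", verify("summer2012", salt, digest))
```

In the unsalted table one cracked or precomputed hash exposes every account that reused the password; with per-account salts each stored value has to be attacked separately.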
Were you affected by the recent security breaches? Did you receive an email asking you to confirm your account? Do you have any private information stored on your LinkedIn account?