Criminals have already started taking advantage of millions of stolen LinkedIn passwords that were uncovered today. Spoofed emails are being sent to LinkedIn users, phishing for personal information and redirecting traffic to Viagra-selling websites.
This morning it was reported that 6.5 million passwords from the business social network had been leaked. The passwords were hashed, not plain text, and uploaded to a Russian website this morning. Researchers quickly looked into whether the passwords were legitimate, which was later confirmed by LinkedIn. The company released a blog post saying, “we can confirm that some of the passwords that were compromised correspond to LinkedIn accounts.”
Any LinkedIn user who had not yet changed their passwords should do so immediately.
But be careful not to do so through an email prompt. Eset security researcher Cameron Camp explained in a blog post today that a number of LinkedIn users have been receiving emails from the social network asking them to confirm account information. Camp has found these to be false emails, spoofed by cyber criminals to look like legitimate notifications from LinkedIn. Indeed, the first link in one of these spoofed emails will take you to a website selling Viagra.
These types of spoofed emails are unique to today’s incident, but there’s a change that criminals could take this opportunity to attempt to phish personal information out of unsuspecting LinkedIn users.
hat tip The New York Times; Phishing image via Shutterstock
Filed under: VentureBeat
No comments:
Post a Comment