LinkedIn members receive scam emails following password leak
Some LinkedIn members have received phishing emails, claiming to be from the social networking site and asking users to ‘confirm’ their passwords, following the leak of 6.5 million passwords.
According to the BBC, the emails say that users should confirm their passwords by clicking a link, but this takes recipients though to a counterfeit drugs website.
Vicente Silveira, director at LinkedIn, said: “We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts: Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
“These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link. These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.
“It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.”