Has LinkedIn Been Hacked?

I use Linked In, and consider it a valuable tool.
But lately, I have been receiving “messages” from people that I don’t know-when I click on the link, I usually get an ad for canadian drugs or viagra.
I use Kaspersky A/V, so I’m sure that these are not false web addresses-but it concerns me that (apparently) my data on LI has been compromised by some hackers/web hucksters.

I don’t even belong to LinkedIn and I get those emails all the time. I don’t think they’re coming from LinkedIn.

I’ve gotten a spam that looked like a linkedin update message. It did not originate from linkedin and the links obviously did not go to the linkedin site. If you got the same thing, it’s just spammers spoofing linkedin messages and all they are doing is spoofing the look and feel of them, so they aren’t even sophisticated spoofs.

Yeah, I get those too. Someone has started spoofing the LinkedIn email format. Or at least, the old LinkedIn email format, because new LinkedIn invites have a different format. When they come to me on Yahoo mail:

1). Yahoo mail often identifies them as spam
2). The link doesn’t go to www.linkedin.com when I mouse cursor hover-over, and its not even close – its never like www.lnked.in but instead http://bt.ly~ruin this guyz day.pgp or some such foo
3). Linked In itself doesn’t have the invite, so just go there when you have an email and check.

Like others, I get stupid emails like this all the time. I get ETrade warnings, Paypal warnings, Ebay messages. I almost feel sorry for the poor spammers, picking endless sites that I’ve never been on. :frowning:

To tie this all together, the messages are a not a result of anyone hacking into LinkedIn. They are a result of phishing attacks against emails based on a massive list. Some people on the list happen to have LinkedIn accounts, so to them it rings a bell. LinkedIn has become popular enough that this works for the phishermen.

ralph124c, in these emails that you get, do they call you by your real name as registered in LinkedIn, or do they say, “Hello ralph124c@gmail.com” (or whatever your email address is)?

Another example: An email I got today was a message “from” a LinkedIn user blasting me for sending spam to her with a link to find out more.

I checked the message source, it was not via linked in at all, the link went to a site with an iffy name, etc.

Anyone can send spam/malware that at first looks like it’s from a legitimate source. Don’t click on anything in any email ever without double checking its actual source.

First time here, but wanted to share.

I think I was hacked on Sunday February 19, 2012 while logging into LinkedIn, a site I have used for about 7 years.

During the log-in I was intercepted by a Pop-Up that asked me if I wanted to re-connect with contacts. ‘We will never store, or share your email or password’ it said. Don’t know what possessed me, but hey it was LinkedIn and I know they like to data mine using your address books.

Well, around 1:15 PM today, 4 days later my email ID used on LinkedIn started sending out SPAM. Good thing I have myself in my address book, or I would never have known.

What I don’t know is whether the hacker only had access to my web mail contacts, or if he was able to scoop my address book of my desktop (that would be really scary!).

I believe he scooped my contacts off the web mail and perhaps my contacts on Linkedin.

Mail server shut my old email down. Bit of a PITA cleaning up the mess though.

I may bug out of LinkedIn after this too.

Anyone have a similar experience?

You may be jumping to conclusions. You might want to read through this whole thread.

First, I do not know if it is possible for a pop-up to be triggered from a web page by a third party unless the machine is infected with a virus. You may want to make sure you are fully protected.

How did you find out that spam is being sent from your email address? Is it going only to people you know, or lots of random people? If it’s lots of random people, then somebody just picked up your email address from someplace and it probably has nothing to do with LinkedIn.

Does your webmail outbox show the spam that was sent? If so, then your mailbox was hacked and it has nothing to do with LinkedIn. If not, then your email address is probably being spoofed. This happens frequently when a virus infects a machine then uses email addresses from that person’s address book are spoofed to send spam. That is, someone else who has your email address on their computer may be infected and this whole thing might have nothing to do with you or LinkedIn.

There are lots of possibilities and I wouldn’t assume that it’s related to your LinkedIn login just because you got a pop-up window recently.

Thanks for the reply.

Basically no to each of your points.

I use a number of software virus detection and pop-up blocking solutions including SpyWareBlaster, AVG 2012, and AdBlocker (within FireFox). At least once a week I run SuperAntiSpyware to ensure that I am clean facing outward to the Web. We’re firewalled as well, although that has no bearing on what occurred. (Used to use ZoneAlarm, but had to stop using ZA because it, like Norton, became too much of a nuisance when installing new software).

I don’t know what is in my sent folder on the web mail server, because I can’t get back on to view it. I can, from the client side, pull mail from the inbox though. AOL has locked the ID down. Unfortunately my password recovery questions for this particular email address are over 14 years old, set up when the email ID was owned by Netscape. The alternate email address in this email’s profile I haven’t used in over 2 years.

So far, AOL has ignored my request for some assistance in resetting the ID. LinkedIn has ignored the issue that I raised entirely (apparently a common thread across multiple discussion forums). Interestingly, CERT is investigating why LinkedIn never reports or confirms intrusions to CERT.

**What I do know however, is that the one and only time I have ever shared the password for this email or any account I own was, as I mentioned a week ago. **The SPAM appears to have come from my email address list on the AOL web mail server that I also placed myself in (using another ‘disposable’ email address) as an early warning should I be hacked and SPAM started generating.

I don’t know if it is possible to have someone phishing on the side of a web site either. But as an analogy, who would imagine that Adobe could create a security risk for Windows when an infected .PDF file is opened? Anything is possible these days I guess. There are hackers who can defeat pop-up blockers too.

I don’t think anyone should be complacent enough to think that what I described might not be possible. We should all keep an open mind, and consider all possible root causes; the obvious one being never share you password with any entity, even if it is trusted. And one other piece of sage advice, clear out your address books on web mail. Reduces the risk of sending SPAM.