LogLurker The foundation of a good security program


LinkedIn relied on hackers' list to spam “users”

LinkedIn recently became aware of a list of supposed LinkedIn user accounts and password hashes. See: Protecting Our Members

Since then, our company has received over 8,000 notifications from LinkedIn with "Reset Your LinkedIn Password". Giving them the benefit of the doubt, I suspect that they pulled these email addresses from that recently released data set.

A good number of our users are reachable via several variations on their Internet email address. Most of the users who received these notices from LinkedIn received them on at least two variations of their address. Interestingly enough, most of our users do not use their corporate email addresses on LinkedIn.

I reached out to LinkedIn via their contact form and strongly encouraged them to stop using these addresses to bring this issue to the attention of their actual users. This mailing appeared extremely suspicious, or at the very least like marketing spam, to the users who received it. I strongly suggested that they limit contacting their users to the email addresses that are actually on their LinkedIn profiles.

What a sad state of affairs it is when a large organization like LinkedIn relies on addresses publicized by hackers to reach out to "their users". LinkedIn has highly degraded their image in the marketplace with this communication campaign.
