I did get an email concerning the need to change my password when I
responded to a request to connect to someone I know fairly well this
morning. At the time I had no reason to believe that that would be a
problem.

I have been worried that there's been sort of a "contest" going on to
type in passwords and see if they match the harvested database, because
anyone tapped into the right place would be able to use those clear-text
passwords and match results to build up a very useful database.

As far as the apparent malware delivery is concerned, here's the
backtrail (if anyone wants, I'll forward the entire message for them to
analyze):

Received: from [190.40.186.225] ([190.40.186.225]) by mail2.mousetech.com
 (8.13.8/8.13.8) with ESMTP id q5BKWN1b024788 for <[email protected]>;
 Mon, 11 Jun 2012 16:32:26 -0400
Received: from mailb-bf.linkedin.com ([216.52.242.151]) by
 mx5.biz.mail.yahoo.com; Mon, 11 Jun 2012 11:32:22 -0500
Sender: [email protected]
Date: Mon, 11 Jun 2012 11:32:22 -0500
From: LinkedIn <[email protected]>
To: timh <[email protected]>
Message-ID: <[email protected]>
Subject: Re: Wire Transfer


On Mon, 2012-06-11 at 17:18 -0400, Andrew Leslie wrote:
> Unfortunately the passwords that were harvested in the initial attack
> were only md5 encrypted, no salt had been used which is just as good
> as using plain text nowadays. But so far I have yet to receive an
> email from them, for now. Hopefully their mail server has not been
> hijacked.
> 
> On Jun 11, 2012 5:14 PM, "Tim Holloway" <[email protected]> wrote:
>         I recently received an email with attached ZIP file concerning a
>         "wire transfer" which unless I seriously misread the headers comes
>         from mailb-bf.linkedin.com ([216.52.242.151]) as well as several
>         LinkedIn tokens.
>
>         I hope by now that everyone is aware that LinkedIn's security system
>         was seriously compromised recently and that as a result, people's
>         encrypted passwords had been posted to a public Internet site.
>
>         Evidently the breach was more serious than has been admitted, since
>         it looks like a LinkedIn mail server has been hijacked. Which means
>         that if you have changed your LinkedIn password, the new password
>         may have been harvested.
>
>         Or in other words, there is now absolutely nothing that can be
>         trusted coming from (or going to) LinkedIn.
>
>         I hope they got their Instant Delivery and Everyday Low Prices on
>         their Information Technology dollars, because about the last
>         disaster of this magnitude I can recall was when the magazine
>         "Business 2.0" was sunk due to failure to invest in a decent set of
>         backup systems.
>
>         Again, until someone credible says otherwise, use LinkedIn at your
>         own risk.
>         
>           Tim
>         
>         
>         ---------------------------------------------------------------------
>         Archive      http://marc.info/?l=jaxlug-list&r=1&w=2
>         RSS Feed     http://www.mail-archive.com/[email protected]/maillist.xml
>         Unsubscribe  [email protected]
>         



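Added example (not part of the original message or thread): a Python check of the Received chain quoted above. Each mail server prepends its own Received line, so only the topmost one, written by the recipient's own server, is a first-hand record; the lines below it arrive with the message and cannot be verified. Treating mail2.mousetech.com as the recipient's server is an assumption taken from those headers.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Trace headers copied from the message above (addresses are redacted on the page).
RAW = """\
Received: from [190.40.186.225] ([190.40.186.225]) by mail2.mousetech.com
 (8.13.8/8.13.8) with ESMTP id q5BKWN1b024788 for <[email protected]>;
 Mon, 11 Jun 2012 16:32:26 -0400
Received: from mailb-bf.linkedin.com ([216.52.242.151]) by
 mx5.biz.mail.yahoo.com; Mon, 11 Jun 2012 11:32:22 -0500
Subject: Re: Wire Transfer

"""

HOP = re.compile(r"from\s+(\S+)\s+\(\[?([0-9a-fA-F.:]+)\]?\)\s+by\s+(\S+)")

def parse_hops(raw):
    """Return hops newest-first: each MTA prepends its own Received line."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        route, _, stamp = flat.rpartition(";")  # the date follows the last ';'
        m = HOP.search(route)
        if m:
            hops.append({"from": m.group(1).strip("[]"), "ip": m.group(2),
                         "by": m.group(3),
                         "when": parsedate_to_datetime(stamp.strip())})
    return hops

def review(hops, my_mta):
    """List what the receiving side can and cannot verify in the chain."""
    notes = []
    top = hops[0]
    if top["by"] == my_mta:
        notes.append(f"verified: {top['ip']} connected to {my_mta}")
    for newer, older in zip(hops, hops[1:]):
        # The host that accepted the older hop should be the one handing it on.
        if older["by"] not in (newer["from"], newer["ip"]):
            notes.append(f"break: {older['by']} accepted it, {newer['ip']} delivered it")
        gap = (newer["when"] - older["when"]).total_seconds()
        notes.append(f"gap: {gap:.0f}s between hops")
        notes.append(f"unverified: claimed origin {older['from']} ({older['ip']})")
    return notes

if __name__ == "__main__":
    for note in review(parse_hops(RAW), "mail2.mousetech.com"):
        print(note)
```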