back to article LinkedIn users buried in spam after database leak

LinkedIn users are being bombarded by spam emails after the social network was hacked and hashed passwords of users dumped online. Members of the business network told The Register that they had received scores of invitations to "link in" with new connections, often flagged with warnings from their email provider that the …


This topic is closed for new posts.
  1. Brewster's Angle Grinder Silver badge

    Peter Baston unmasked

    "...and when you have an enforced connectivity regardless model pushed to the master revenue plan added to antiquated security systems and zip due diligence like LinkedIn – that's a FUBAR train wreck waiting to happen"

    Fuck me, it looks like amanfromMars has a job as a security consultant!

    1. Anonymous Coward
      Anonymous Coward


      of the story?

      Don't link in.

      1. LinkOfHyrule
        Paris Hilton

        Re: Moral

        Anything with the word "link" in its name sucks..... wait

    2. ideapete

      Re: Peter Baston unmasked

      Be at peace earthling and get back on your flat world supported on four elephants flying around the universe on the back of A'Tuin the giant star turtle

  2. Kevin Johnston


    It could just be that Spammers Inc are following their normal habits of using any event which has significant media coverage as the launchpad for another tranche of emails in the hope that 'reality show fan' grade intellects will fall for them.

  3. Stoneshop


    Had to log in this morning, and got an error message that my password was incorrect. Which it wasn't, so I can only assume my account was one of the ones that had its password reset. But no mail, no message on the login page, no pertinent message in the ubiquitous password reset mail, no message after the reset and logging in again.

    But no deluge of invitations either, nor any other spam (yet) that could be traced to this leak.

    1. Anonymous Coward
      Anonymous Coward

      Re: Hmm

      You are owned... just wait for it . . . .

    2. Anonymous Coward
      Anonymous Coward

      Re: Hmm

      maybe your profile is just not interesting enough...........

      1. Stoneshop

        @AC 19:45

        A spammer deciding whether or not to send spam to a particular account takes him more effort than just sending it.

  4. perlcat
    Black Helicopters

    LinkedIn is spam anyway.

    All's it is is a collection of salesdroids all looking to 'network' (build list of suckers to sell stuff to/beg for work).

    If I ever wanted to connect with people from my past who I stopped talking to, I'd use FB -- but every time I've ever given in to temptation and looked them up, I quickly re-discovered there was a *reason* why I let the association lapse.

    1. Stoneshop

      Re: LinkedIn is spam anyway.

      Funny. Less than 5% of my contacts are IT pimps, and there has been just a single case of one trying to link me on the pretext that he knew me while at the same time offering me a job.

      But then, UK pimp mores are quite different from Dutch.

    2. Semaj
      Thumb Down

      Re: LinkedIn is spam anyway.

      You are missing the point that it's a work based site - it's not Facebook. It's for keeping track of work based connections who you might be able to use to benefit your career in the future. Not because you like them.

      It's also useful as a barrier between recruiters and your actual email address / phone number because you don't HAVE to share your details with them when they spam you.

      Also, if you have a decent profile you can actually get head hunted by good employers from there (not recruiters). It happened to a friend of mine - lucky bugger.

  5. Anonymous Coward
    Anonymous Coward have been hit too Password Security Announcement

    More information posted in a Reddit post. MD5 storage, apparently leaked some time ago, but spammers have started hitting addresses in the past few weeks. Given that these reports started surfacing on forums on 10 May (exhibit A / exhibit B), it's rather a slow response from them...

  6. Anonymous Coward
    Anonymous Coward

    2 accounts, no passwords

    I wonder if they have cracked the passwords for the two accounts I set up early on (you need 2 to see how it works), no doubt they are trying to spam the throwaway email accounts I used to set them up (I have no idea what these were called or their passwords either).

    I have at least 3 facebooks, 2 twitters and numerous others where they want you to log in to do some stuff, each with email accounts that I only used to set them up.

    I go on the basis of one time logins, if I need their site again I will just create a new one.

  7. Quxy

    I'm not sure the LinkedIn spam is connected with the database leak

    I too have started to receive a large quantity of LinkedIn phishing spam -- but it's all directed to different email addresses than those I use on LinkedIn (which curiously is receiving NO phishing email). Both the targeted email addresses and originating hosts correlate with an upturn in similar phishing attempts for Twitter, Facebook, Verizon, big banks, etc., so I'm not convinced that it has anything to do with the database leak.

    1. This post has been deleted by its author

  8. Robert E A Harvey


    so not just hashed passwords then?

  9. sCode

    As I've deleted my account months ago and didn't receive any spam on that address there's the glimmer of hope that account deletions are indeed real deletions..

  10. The BigYin


    LastPass has a checking page and whilst it's probably safe enough to use, you should change your password just to be safe.

    But the best thing about this page is to play "Guess the dumb password". And yes "password" is one of them.

    Really...I would have thought Linkedin would have attracted users with some level of sense. Seems not.

    1. charlie-charlie-tango-alpha

      Re: Idiots

      "I would have thought Linkedin would have attracted users with some level of sense"

      Now what on earth gave you that idea? It's a social network.

    2. I'm Brian and so's my wife

      Re: Idiots

      I checked a few painfully obvious ones, like qwerty and some variations of password. I shouldn't be surprised at finding them but I am - what were they thinking?

    3. Anonymous Coward
      Anonymous Coward

      Re: Idiots

      Haha, yes quite illuminating.









      and the most amusing I stumbled across: billgates

      It seems that wearing a suit is no bar to being a dumb fuck.

      1. LinkOfHyrule

        Re: Idiots

        I wonder if you changed your password to that exact same message about blowing up some backwater provincial airport that got that bloke convicted for being a terror-tweeter if you'd be liable for the same offence? After all, you would be sending a disturbing/upsetting* message through a digital communication link every time you logged in.

        *them's like law words or something.

        1. Shannon Jacobs

          Re: Idiots

          First thing I did upon hearing about it was change my password. Or at least I tried to. The system is so confusing and messed up that I'm still unsure if I succeeded.

          I think these social networking websites are such a fundamentally bad idea that this is a case where the government should outlaw the entire industry before the explosion. I'm convinced there's going to be some kind of massive fiasco on a giant scale, but I'm not sure what it might be. I can see a LOT of obvious fiascoes on a personal scale...

          It isn't just the obvious risks of identity theft and blackmail or the second-level threats of detailed dossiers and exploitation of personal weaknesses. Even your strengths and interests can be turned against you to do damage...

          1. Destroy All Monsters Silver badge

            Re: Idiots

            > a case where the government should outlaw the entire industry

            I don't know what's worse: badly protected social networking sites or rampant state idolatry.

      2. eulampios

        Re: Idiots

        What makes it even more idiotic, that none of them use a single capital letter!

        Yes there is "hahaha", but no "HaHaHa". Some other funny ones to your list:

        Password, Pasword, Passw0rd, passw0rd

        and so on

    4. Destroy All Monsters Silver badge

      Re: Idiots

      Haha my password was not leaked. But then again, it's 10 random characters generated from /dev/random.

      battery staple horse correct wasn't leaked either

    5. VinceH

      Re: Idiots

      According to that page, my password was on the list. "Was" because I changed it as soon as I read about the problem - I haven't seen any emails from LinkedIn, though. (I suppose it's possible they're only sending the email to those who's passwords are unchanged but, somehow, that seems unlikely.)

    6. Anonymous Coward
      Anonymous Coward

      Re: Idiots

      LMAO I'm not on linkedin but I tried your link and tried 123456.... Looks like I've been compromised ohhh err

  11. Duffaboy

    The Spam was about CV writing an honesty

  12. Andy 68
    Thumb Up

    This is A Good Thing

    at least for me.

    LinkedIn was one of my 'standard low-security' passwords, it seems not to have been one of the leaked ones, but The Password Gorilla now protects all my work and home logins (across fedora and win7 - just need a gorilla client for small fondleslab now) and every single one is different.....

    About bl**dy time I did it, too.... and hopefully it will encourage everyone else to do the same.

  13. Anonymous Coward
    Anonymous Coward

    I almost never get any spam

    Johnny no-mates, or just a bit clever?

  14. Anonymous Coward
    Anonymous Coward

    Not just LinkedIn users

    Reg - your headline says LinkedIn users are receiving spam as a result of the leak. Is that just a poorly worded headline or worse? LinkedIn users will be no more likely to be 'buried in spam' than the man in the street who's never even heard of it.

    How does a spammer get LinkedIn users' email addresses from a list of hashed passwords? They don't. Why would they target LinkedIn users? Better just to do what they always do and pump them out to any email address they have or can make up, while there's a useful news story to ensure the topic is in the minds of their unsuspecting recipients. If the recipient happens to be a LinkedIn login then that increases the small chance of the user falling for it.

    1. Annihilator

      Re: Not just LinkedIn users

      And what makes you so sure that they don't have a list of email addresses to go with the hashed passwords? Chances are high that whoever managed to hack LinkedIn got more than just a list of hashed passwords, they'll have got the email addresses with it.

      Although yes, I imagine spammers have reacted and started pumping out a higher proportion of spam disguised as LinkedIn in general, and legitimate users have assumed causality. Although in fairness El Reg's headline hasn't linked the two.

    2. Anonymous Coward
      Anonymous Coward

      Re: Not just LinkedIn users

      I wasn't saying they didn't have email addresses (I wouldn't be surprised if they did), I just don't think they would be used for targeting spam.

      Spammers are opportunists who will send topical spam to any email address then can, regardless of whether the user is a LinkedIn user or not. I don't think the every man and his dog buys viagra, but that doesn't stop spammers sending invitations to solve trouser problems.

  15. Mitoo Bobsworth

    Spam? - Bloody Vikings!

  16. Michael H.F. Wilkinson Silver badge

    No spam other than the usual rate (like from BILL GATES FONDATION, or the widow of the late UJUMBU N'TUITIF, or warnings that bank accounts are blocked until I update my personal information, usually from banks where I have no account). Internet business as usual, in other words. No offers for cheap Viagra today, or cheap PhDs (maybe they did find out I have a proper PhD through linkedin.

    My password does not seemed to have leaked, no important stuff is on there, and I have changed my password to be on the safe side.

  17. Anonymous Coward
    Anonymous Coward


    I took the LinkedIn hack as a good time to go and update ALL my online accounts, so have been working through these in the past couple of days. It's been quite illuminating how many companies don't allow non-alpha characters. Few allow spaces (so no pass phrases), one only allows 6-character passwords (no more, no less!), and one bank won't allow a sequence of more than 4 numbers or letters - so that seriously restricts the use of memorable words or phrases, even without spaces!

    1. Intractable Potsherd

      Re: Passwords

      Yes - I've done the same, with the same frustration. What possible reason can there be for these restrictions - unless it creates plausible deniability for the company/bank when your account is breached?

  18. Anonymous Coward
    Anonymous Coward

    leemail is protecting my email

    I'm glad I used to share my "email" with LinkedIn. No LinkedIn hack SPAM for me.

  19. Anonymous Coward
    Anonymous Coward

    I deleted my account a year or so back - too many people trying to add me as as connection who I simply didn't want to be associated with, but now if I try to login it asks me if I want to re-activate my account. So seemingly they still have my details stored even though I've said I want out. Is it too much to ask to have my details removed when I ask?

This topic is closed for new posts.

Other stories you might like