According to PC World, a data breach at LinkedIn has spawned a spam campaign that tries to take advantage of users worried that their passwords were among the 6.46 million posted on the Internet earlier this week.
Spammers are using service messages pretending to be from the business oriented social-networking site, but no connection has been established between the data breach and the spam messages.
The bogus LinkedIn message that started circulating Wednesday is crafted to look like a genuine communication from the site. It asks the recipient to confirm his or her e-mail address and contains a link for doing so. Clicking the link spirits the target to an illegal online pharmacy selling Viagra and other medications.
According to the story:
LinkedIn is using a two-step process to alert users to the security breach. Those affected first receive an e-mail without any links in it. It informs the member that they must reset their password and provides them with steps for doing so.
After completing those steps and requesting password assistance, the member will receive a second e-mail with a password reset link.
"It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases," LinkedIn’s director, Vicente Silveira, wrote in a company blog.
