More than 6 million LinkedIn passwords stolen
You might have heard this in the news yesterday or today, or seen posts on Facebook or Google+ about LinkedIn having passwords stolen.
Before reading any more, PLEASE change your password at LinkedIn (www.linkedin.com). I'll explain, but only after you change it. [Though my link is safe, it's always best, security-wise, to type the address yourself.]
OK, are you back? Did you change it, or ignore me once again? You can read more about the stolen passwords here: from Mashable, and directly from the LinkedIn Blog - An Update on LinkedIn Member Passwords Compromised
Phishing Emails related to LinkedIn Breach
Why the urgency? I barely blog or update this site as I'm busy taking care of everyone else's websites and emails, but after I received several emails pretending to be from LinkedIn, I realized the urgency.
As with all big news events, the 'evil-doers' like to take advantage of interest. Many viruses are spread after disasters like tsunamis and earthquakes. It's basic social engineering, scamming innocent people like yourselves into clicking something bad for you.
In this case, there are emails going out right now pretending to be from LinkedIn, warning you of the password breach and conveniently giving you links to change your password. DO NOT follow those links! (You already changed your password anyway, right?) Those links will bring you to a site that looks like LinkedIn, but is NOT LinkedIn. Instead, it is a scam website looking to capture your password and any other info you feel you need to give to strangers.
Type in the Address for LinkedIn in your address bar
I cannot stress this enough. It's why I even suggested it up top to not even trust my link. This advice is good for all websites with login info. If you receive an email saying there is an issue, always type in the address yourself. Do not follow links in email.
Luckily, using Google for my own mail server, and Postini for filtering, these messages aren't getting to me. But I check the filters daily, and saw the attempts.
Don't have LinkedIn? Then don't worry about it. But try to remember this advice when you hear of a breach at your bank, or PayPal, or eBay, or Google, or Facebook. Breaches happen, just like car accidents happen. Just know the procedures to deal with it and you'll be fine.
I will not lecture on the importance of good passwords, and different passwords for every site. If you haven't listened before, you won't listen now. Just hope that the password they grabbed from LinkedIn is not the same password for your email/Facebook/bank. Just saying...
Update: while I was writing this, it seems others have noticed the scams also: http://www.bbc.co.uk/news/technology-18351986