LinkedIn user alerts mistakenly blocked as spam
Researcher says more than 4% of intended recipients blocked LinkedIn's email instructions on resetting breached passwords
Computerworld - Many of the LinkedIn emails alerts instructing users on how to reset passwords accessed by hackers were dumped into spam boxes, according to email security vendor Cloudmark.
In a blog post on Tuesday. Andrew Conway, a Cloudmark researcher, said a substantial increase in spam reports last weekend were traced to LinkedIn password reset email alerts
In many cases, the emails that users' marked as spam were legitimate alerts from LinkedIn, Conway said.
"Over 4% of the people receiving this email thought it was spam and sent it straight to the bit bucket," Conway said. "If Linkedin sends out 6.5 million emails, then a quarter of a million people are congratulating themselves on avoiding spam -- and still have a compromised Linkedin password."
Conway said that LinkedIn did all the right things to ensure that users would not treat its emails with suspicion. All were addressed to the recipient by name, did not contain any links and were DomainKeys Identified Mail (DKIM) signed to validate their authenticity.
"Even so, it was taken for spam," Conway said. "Part of the problem is that people are used to getting email that they don't want from LinkedIn, and rather than unsubscribe, some of them just mark it as spam and hope that it will go away."
In an email to Computerworld, Conway said that Cloudmark, a provider of messaging security services to Internet Service Providers, monitors messages for clients by assigning a number of digital signatures based on the content of the messages. Thus it can determine which signatures are present on emails that are manually flagged as spam by users.
"The Linkedin compromised email message[s] generated several unique signatures, so we are able to measure the rate at which these are marked [by users] as spam," he said.
Cloudmark was able to confirm that LinkedIn, and not spammers had sent the alerts because the emails were DKIM signed by Linkedin.com, he said.
The alerts were sent after hackers last week accessed about 6.5 million hashed passwords from a LinkedIn database and posted the stolen data on Russian hacker site.
By last weekend, most of the passwords were believed to have been decrypted by hackers and made available in plain text on many sites.
LinkedIn has confirmed the password compromise but released few details about the incident.
In three separate LinkedIn communications about the incident, the company didn't say how the passwords were accessed or whether other data, such as email IDs, were also compromised. LinkedIn said only that no email IDs have yet been publicly posted.
The latest LinkedIn update, posted yesterday, repeats much of the information that was included in previous notes.
The latest post did say that all passwords posted by the hackers, and that "we believed created risk for our members, based on our investigation," have been disabled.
Since the attack, LinkedIn has come in for some criticism for not better protecting passwords.
The company has said that it has completed a "long-planned transition" from merely hashing passwords to a system that both hashes and salts passwords. Salting is a process in which a random string of characters is appended to a password before it is hashed.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- Major companies, like Target, often fail to act on malware alerts
- The new security perimeter: Human Sensors
- Snowden advocates at SXSW for improved data security
- Joomla receives patches for zero-day SQL injection vulnerability, other flaws
- NSA used 'European bazaar' to spy on EU citizens
- Target CIO resigns following breach
- Evan Schuman: Mobile IT Roach Motel: Data checks in, but it won't check out
- Sears finds no evidence of data breach -- yet
- Gameover malware is tougher to kill with new rootkit component
- Mobile app for RSA Conference exposes personal data
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Gartner 2013 Magic Quadrant for Enterprise Backup/Recovery Software See why CommVault was positioned as the #1 leader in Gartner's 2013 Magic Quadrant for Enterprise Backup/Recovery software for the 3rd year in...
- Forrester Report: CommVault is a Leader in Enterprise Backup and Recovery In this report, Forrester takes a deep dive into the evaluation criteria, how CommVault is positioned and the features and functionality that make...
- Forrester Wave for Enterprise Backup and Recovery Read this report to see how CommVault continues to outpace its competitors and why Forrester positioned CommVault Simpana as the top backup and...
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them.
On-Demand Webcast: 7 Reasons to Choose VoIP
Thinking about a new phone system for your business?
Be sure to watch this informative webcast. Steve Strauss, small business columnist for USA...
All Cybercrime and Hacking White Papers |