LinkedIn has confirmed the leak, and has invalidated affected passwords. http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/However, here comes the tricky part. They will be sending out an email to affected accounts instructing them to reset their passwords, BUT a phishing scam is currently underway tricking people into doing much the same thing! How do you know which email to heed? Never "Click here" in an email. Any legitimate site that sends you a "Click here" email should be slapped. Always go directly to the trusted site and follow whatever instructions are applicable for the task at hand. If there IS a url you must follow (eg, validation email) copy and paste the link text into a browser address bar. Then MAKE SURE the text you pasted goes to the trusted site you expected, not some slightly / wildly different URL. |