According to a report from the BBC, many email account owners have received messages asking that they verify their passwords in the wake of the attacks. However, the reported emails are not legitimate, instead leading users to a phishing scam site advertising drugs that are counferfeit.
As reports of the leak made media waves yesterday, LinkedIn began to investigate but was initially unable to confirm the occurrence. The breach itself was claimed by a hacker via a Russian web forum. While it did contain passwords, it did not include corresponding usernames.
LinkedIn has since confirmed that some of the reported passwords were leaked. Meanwhile, the company has taken particular steps to secure their accounts. Affected users are no longer able to use their previous passwords to login. An email from LinkedIn provides further instructions on how to reset but contains no links, unlike emails sent from the scammers.
“It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases,” commented LinkedIn’s Vicente Silveira in a blog post. Meanwhile, one and a half million passwords for the dating site eHarmony were also included in the leak, according to the BBC.