New Spam Campaign Could Be Using Stolen LinkedIn Data

Security researchers believe a new spam campaign brandjacking LinkedIn may be using data stolen through a data breach which hit the popular networking site earlier this year.

The emails are made to look like official reminders from the site telling recipients that they have messages and/or connect requests waiting for them. Those who click on the included link are sent to a shady internet pharmacy site. So far the site doesn’t appear to be hosting malware. Its goal seems to be simply to make money by duping people into buying the fake drugs for sale there.

Because the messages are showing up in legit inboxes and not being detected at all in spam traps, researchers speculate that the addresses receiving the spam were harvested during the June data breach. That breach allowed hackers to steal over 6 million passwords and, presumably, the email addresses attached to them. (LinkedIn users have their email addresses as usernames.)

“The difference with this hack, as opposed to many others, is that people put their REAL information about themselves professionally on the site, not just what party they plan on attending, à la Facebook and others. And every time one of your LinkedIn contacts updates their profile, you get updates from LinkedIn showing what’s happening. This has the aggregate effect of garnering a form of peer review on what you post about yourself, knowing that it is exposed potentially to those business or career contacts that have a direct impact on your life. In other words, mess with somebody’s professional profile, and you’re messing with their life, and their contacts know about it.” – ESET security researcher Cameron Camp told Help Net Security.

LinkedIn is still investigating the breach and hasn’t had much to say about it. If email addresses were indeed harvested, those affected should expect even more spam and phishing attacks too. The collected data would be a gold mine to scammers and spammers and would likely sell for big bucks on the black market.

Written by Sue Walsh


  1. Shamara Dean · October 1, 2012

    This is really interesting. For the past few weeks I’ve been receiving a lot of friend requests from people I don’t know and are far connected from me. When I add them, they’ll start sending me messages with links to websites that are so damn suspicious you’re almost 100 percent sure they’re spam. This is incredibly sad for me since the main reason why I don’t network in other social sites is because I believe LinkedIn is secure enough for any professional. Then you hear a story such as this. I hope LinkedIn develops more stringent measures to prevent spam.

  2. Jaysee · October 9, 2012

    As an avid fan of LinkedIn, I am very sad to hear this news. It’s the only decent social networking website there is on the planet! But if you haven’t noticed it yet, the number of LinkedIn users who are actually spammers has been increasing. For example, a couple of days ago, I added someone who’s a “technical writer.” I don’t know him personally, but LinkedIn says we are connected through a mutual friend, and I thought he was a good addition to my network since I’m a website designer. Sadly, a few hours after, I received a letter with a link to a website. He wants me to sign up to a service I have no idea about.
