LinkedIn Passwords Stolen – What You Should Do

LinkedIn is a popular social network for professionals wanting to promote themselves and their careers, connect with current and former business contacts, and build their businesses. So you may already have joined the site.

If you are a LinkedIn user, please read on.

Yesterday, LinkedIn confirmed that some of their users’ passwords were stolen. While they are investigating the issue further, here is what they recommend that you do:

password security tips

  • If LinkedIn thinks your password was compromised, your account password will be disabled and you should get an email with instructions (but no links) giving you the first steps to resetting a new password.
  • Follow the steps in the first email and you’ll get a second email from LinkedIn with a password reset link.
  • LinkedIn also advises you to review their advice about password security.

Even if you don’t get an email from LinkedIn, you may want to proactively change your password, and use it as an opportunity to create an even stronger password.

As an Internet service provider with 18 years of experience safeguarding our members’ accounts, EarthLink has long promoted the value of creating strong passwords that you keep private and secure.

Want to know more about password security? Read our blog post about protecting your passwords, this post with a system you can use to generate strong passwords without repeating them, and this password help from the EarthLink Support Center.

If you wish to change your EarthLink password, use the Password Reset Tool on our My Account page.

We also had a link to download the free LastPass password manager from our eLink newsletter for Internet access members (scroll down to the Download section).

eHarmony users: Dating site eHarmony also confirmed a password security breach yesterday. You can read about that password security problem here.

LastPass has created tools to help you check if your LinkedIn password or eHarmony password was stolen.

Thieves Using Craigslist, Facebook & Other Websites

Bikes stolen using social networks and other websitesWe believe that Internet access is an indispensible aspect of our modern lives because of how it connects us better to the people and information we care about.

For people with special interests, online communities of friends and others who share your passions can be especially valuable.

But a story in the Los Angeles Times a couple of days ago is another reminder that you have to be careful what you share online and how you share it.

The Times reported that several people were arrested as part of a bicycle theft group that over the past two years stole almost 200 high-end bicycles worth approximately $250,000.

The arrest was a cautionary tale to Internet and social network users because the thieves evidently targeted victims and planned crimes using Craigslist, Facebook, and other websites for bike enthusiasts.

One victim who was selling an expensive bike on Craigslist set up a time for a potential buyer to come to his house. They buyer never came, but a couple of weeks later the bike was stolen from his home.

When thieves got names of potential victims from encounters on other websites they often then logged into Facebook to find more information and search for additional targets.

We encourage you to keep using the Internet to enhance your life in all the ways you do already, including being active in social networks like Facebook. In fact, we’d love it if you would click over to our EarthLink Facbook page and Like us to stay connected.

We just want to be aware that some kinds of online posts may invite the wrong kind of attention. And when you’re selling something expensive, think twice before you give out your home address or other personal information.

Be safe.

Mac Flashback Virus Infects 600,000: What Can You Do?

Security has often been cited as one of the big advantages Mac computers have over their Windows counterparts.

Windows users were under constant assault from viruses, Trojans, spyware, and malware of all kinds.

Mac users remained blissfully above the fray. Most never even considered buying or even installing a free computer security program.

Until last week.

Mac Flashback Virus Worldwide Outbreak Map

Where the Flashback Virus Has Spread

More than 600,00 Mac users were found to be infected with the Flashback Trojan, malware that exploits a Java security flaw to install itself on Macs. Most infected computers (56.6%) are in the U.S.

This isn’t the first Mac attack by any means. Just a year ago there was a fairly large attack called MacDefender.

But more people use Macs now and Flashback has gotten a lot of publicity, leading some to say it has, once and for all, ended Mac’s no-virus reputation.

Now for some comforting news for Mac users: though it’s a large infection, Flashback probably has only infected around 1% of Macs according to some estimates.

Secondly, Apple has already launched a couple of updates to identify and protect against Flashback, so if you get a Mac OS update notice, please don’t ignore it. You can also run your Mac’s Software Update at any time.

Keep in mind, however, that Apple’s Flashback security updates are only for OSX v10.7 and v10.6. Users with earlier operating systems who are concerned are encouraged by Apple to disable Java in their browser preferences. Here is more information about Flashback from Apple.

Though Apple is still working on a Flashback detection and removal tool, there are free 3rd party options available now.

Security vendor Dr.Web has a free online tool to check your system for the Flashback malware (specifically, Backdoor.Flashback.39). All you need to do is enter your Mac’s UUID (don’t worry, there are instructions on how to find it). Keep in mind, this is just a detection, not a removal tool.

Another security vendor, F-Secure, is offering a free tool that automatically detects and removes Flashback from your Mac. Download the free tool here and read the installation instructions.

If you are an EarthLink member and Mac user interested in ongoing protection for your computer, you can take advantage of these Special Offers on Norton Security software from our security partner Symantec.

4 Simple Ways to Spot Spam!

Email helps us keep in touch with friends, communicate quickly with coworkers, and receive messaging from businesses we interact with (like banks, service providers, and even coupon services!).  We share our email address with people and companies we trust, and as a result, our instinct is to trust every message that hits our inbox.

But the sad reality is that, much like our physical mailing addresses, entities we do not provide our info to can send things to us…and these emails can sometimes be malicious.  These emails are called “phishing,” “scam” or simply “spam” emails, and should be reported (“mark as spam” in your email inbox, deleted/ignored, and/or reported directly to your email provider…NEVER respond).

Here are 4 simple ways to spot a scam email:

1) There are misspellings.  Unless the email is from a friend (and there are no links to click on), this message is probably a hastily-put-together spam email.

2) The email asks for personal info.  No reputable company will EVER ask you to reply to an email with personal information.  They will refer you to their legitimate website.

3) There are links in the email that aren’t what they promise to be.  If you get an email from a bank, and the link sends you to a website that LOOKS like your bank, but the URL (the web address in the navigation bar…for example, “www.google.com” is the URL for google”) is not ACTUALLY for your bank, the email is 100% spam.  Do not enter your personal info.

TIP: To be SURE, even if you do receive legitimate emails from your bank (or any entity you log into), don’t click the email links.  Instead, visit the website on your own to make sure you’re always visiting the right website.

4) There is an attachment.  Do not open attachments that aren’t (a) from people on your contact list who have told you an attachment was coming, and (b) attachments containing info that YOU requested from a business.

TIP: Make sure the customer service person sending you the attachment has an email address “example@thewebsiteyouexpect.com”