Timeframe for LinkedIn Attack?

Oliver Garraux oliver at g.garraux.net
Sun Jun 10 19:14:18 CDT 2012


Hey, I'm curious if anyone has heard of a possible timeframe for the
LinkedIn attack?

I use different email aliases on most websites I sign up for.  (So I
can identify where a spammer got my email address from and so I can
just remove the alias if I get spammed a lot).  I've been testing some
scripts I wrote to parse through my email logs recently, and noticed a
few interesting log entries from back in May.

I have accounts on Last.fm and on LinkedIn (using email aliases).  I
received a spam message on the email alias I use for LinkedIn on May
10.  I also received four spam messages on the email alias I use for
Last.fm on May 10.  The LinkedIn related message came in at 20:22 UTC.
 The four Last.fm messages came in between 21:26 and 21:51 UTC.  All
of these messages were rejected because the IP the connection came
from was listed on Spamhaus’s XBL (they came from 5 different IP's).

I don't think this necessarily proves anything beyond a shadow of a
doubt - but it seems really suspicious to me, given that I've never
seen any other spam directed to these address before or after May 10,
and that the email addresses for both of these sites that were
compromised were spammed for the first time on the same day. (And none
of the other 100+ email aliases I have received spam for the first
time on that day).

This would suggest to me that LinkedIn and Last.fm may have been
compromised at least a month ago.  Has anyone else seen anything that
would confirm or refute this?

Oliver

-------------------------------------

Oliver Garraux
Check out my blog:  www.GetSimpliciti.com/blog
Follow me on Twitter:  twitter.com/olivergarraux



More information about the NANOG mailing list