Pop Up during LinkedIn login invites email account to invite friends

[Canon_Man]

First post here. On Sunday February 19, 2012 while logging into LinkedIn.com, a pop up appeared suggesting that I might want to connect with my contacts. Inside the pop up dialogue was my email address with AOL and the pop up requested my password with a disclaimer that 'we will never store your password, or share it with anyone'. This should have been my warning, but it looked like it had originated with LinkedIn and I had seen similar requests on LinkedIn previously as well as FaceBook I believe. These sites love to data mine using your address book to increase membership.

Never thought too much about it, until yesterday (February 23, 2012) at about 1:30 PM a rash of SPAM emails from this AOL email account started arriving first with my wife and then my son, and later in the day I learned with others in my circle of acquaintances; - it even managed to SPAM my own account(s) as I sometimes use this 'less than primary' AOL email ID with others, including myself, and the email ID is used for other sites as well. I've actually had the account for over 12 years.

By the time I tried to access the AOL account from the web, AOL had locked it down, and unfortunately I could not recover the password for it because the email associated as secondary with it was one I no longer use, and haven't used for two years now. Its with another service I no longer subscribe to. 

Well, that's my story and besides a flurry of messages to those I care about to warn them, and the cleanup to fix sites that use the ID for one reason or another, my day was quite full, along with the gnashing of teeth.

[Hoov]

I am sending you an e-mail address to Yahoo. If you describe your problem, as fully as possible, you may be able to recover your yahoo account. No guarantee's but it has worked with others.

As for the original problem, the two incidents may have zero connection. Yahoo accounts are being hacked at a fairly high rate.

[Hoov]

 AOL Yahoo Yep, they look close to the same, they both have an A and an O in the word.     That is what I get for answering questions while yawning. I have sent you the correct address for AOL if you want to try.

Sorry for the mix-up on my part. 

[Canon_Man]

Thanks again for the replies, much appreciated.

I told AOL to trash the ID, but may try and have it recovered. The worst part of yesterday was thinking of all the places I used the email address as a log-in to a site or as the return email ID for messages.

Think I cleaned it up, and locked it down again. I still have people sending me notes saying; 'did you really mean to send this?' It's like a bad smell, it will soon go away, I hope!

There's a lesson in this too. Clear out your on-line web mail contact lists so that there isn't as much to glean if you do get hacked. Doh!

[Canon_Man]

Sent the request for assistance to AOL 48 hours ago, but so far they have ignored it.

[Hoov]

If you need an e-mail address to use for situations that might leave you open to spam, try Gmail. They have pretty good spam filters.

[Canon_Man]

That was not my issue, but thanks. I do have to agree that Gmail has better filters too. I wasn't getting SPAM, I was inadvertently sending it.

My real issue was sharing my email password with some entity that implied trust but was not trust worthy. I've never done this sharing thing before, but it appeared on LinkedIn for at least the third time during a log in, and it looked like LinkedIn, so in a weak moment I said, 'Well, why not?'

Number one rule on the Internet: Don't share your password for anything with anybody!

I failed, and in hindsight I take full responsibility for what I did. I also know that this is the one and only time I have ever shared a password, so I know where the compromise originated.

Also note that the opportunity to share your address book occurs with Facebook too, and in order to access on line Abooks, both LinkedIn and Facebook need your password to access them from the web.

I have checked and rechecked my desktop and laptop for trojans and malware too. Both machines are software protected a number of ways. Once a week both are scanned with AVG 2012, SuperAntiSpyWare (complete scan; - files modified in the last 365 days), SpywareBlaster is resident, and AdBlocker integrated with FireFox. Even run BitDefender too.

[Hoov]

AH! Basically what you are saying is that you need a class in paranoia? If you need one, I can teach it. I am paranoid enough I don't even know my own passwords.

[Canon_Man]

LOL  , I like your style!

Good forum too. Have it in my bookmarks and will visit from time to time.

Thanks.

[Canon_Man]

AH! Basically what you are saying is that you need a class in paranoia? If you need one, I can teach it. I am paranoid enough I don't even know my own passwords.

Just remember, just because you're not paranoid doesn't mean someone isn't talking about you!

[Hoov]

I like,

Just because you're paranoid doesn't mean that they're not out to get you.