Hmmm looks like my LinkedIn password is compromised 😱

Some asshole from Oregon, USA on a shitty Window PC 😳

Interesting this about this incident, is that my LinkedIn password was a 14 character long cryotograhpically generated passwords. I suspect LinkedIn has had a data breach 🤔

@abucci@anthony.buc.ci @bender@twtxt.net just asked that very question on IRC 🤣 Nope I didn’t leave a session open anywhere on any devices I don’t control or actively use. No the password is not reused anywhere. It is pretty damn strong (or was).

Anyway, generally speaking it’s a good reminder to go audit your password database

@abucci@anthony.buc.ci No other types of auth are linked. 2FA protected me in this case. No other sessions anywhere. The attempted login was from Oregon, US. So 🤷‍♂️ Really weird, I mean, what else do you think _might- have happened here? 🤔

@lyse@lyse.isobeef.org Yeah it is I think! 🤣 And actually @abucci@anthony.buc.ci I figured out what’s going on… It not that my password or a session was compromised. My account is under attack. Someone is trying to hack it (albeit badly) by hitting the password reset form and entering my email address. So what the attackers have is a) My LinkedIn account and b) My email address. Or this is a widespread attack to break into accounts and reset passwords? But… How dafuq does this attack work when you have to have access to the email account as well to get the password reset pin?! 😳

@screem@yarn.yarnpods.com Thanks for the insight 👌