If the visitor clicks anywhere on the page, then according to Cable, "LinkedIn interprets this as the AutoFill button being pressed, and sends the information via postMessage to the malicious site".
Yesterday large parts of the world were without their LinkedIn accounts due to an SSL certificate expiry and those that were able to login were browsing without encryption, meaning all of their data was potentially at risk.
Hackers are using the business-oriented LinkedIn social media site to send phishing InMails posing as a Wells Fargo document - the delivery method is to be trusted, but the content may not be.
Millions could have been exposed to malware bug in LinkedIn Messenger
A new social engineering campaign is sending out emails purporting to come from LinkedIn in an attempt to dupe recipients into giving up personal information.
The Russian man that Czech authorities arrested on 5 October in collaboration with the FBI is allegedly connected to the 2012 breach of LinkedIn.
The security firm InfoArmor believes the Yahoo! data breach far exceeds the 500 million number, that the hack was accomplished by a cyber-gang, not a nation-state, and that overall about 3.5 billion user records have been stolen over the years.
GitHub reported on 14 June someone launched a campaign to access several GitHub.com accounts using stolen login credentials.
While Microsoft's £18.6 bil ($26.2 billion) acquisition of data-rich LinkedIn will enhance business, the company has not yet said how it plans to protect the privacy of personal data of LinkedIn members.
Reddit announced it would require users to reset their passwords following the release of a dataset containing 100 million LinkedIn emails and password combinations from a 2012 breach.
The latest In Case You Missed It (ICYMI) looks at WhatsApp malware; Cerber Ransomware; LinkedIn loses 117m credentials; Screen lock scammers; GDPR countdown. Note: UK Holiday 30 May.
Old man Redmond looks to prevent "LinkedIn"-style debacle by preventing users from choosing popular passwords.
With the news of over 100 million user login credentials being stolen from online professional networking website LinkedIn, the industry offers it's viewpoints on passwords, the GDPR and LinkedIn's choice of encryption.
The 2012 LinkedIn data breach may be the breach that just keeps on giving with the news that 117 million customer email credentials originating from that hack were found for sale on the dark web.
Professionals on LinkedIn are being targeted by an increasing variety of hackers. A slew of fake accounts have been found on the social media platform across many industries.
The CTU, the Dell SecureWorks research team, uncovered fake LinkedIn profiles and an extensive, convincing network created by the Iran-based Threat Group 2889.
Staff need ongoing training in defending against the latest threats - which currently includes LinkedIn says Andrew Tang, service director, security at MTI Technology
"This highlights the fine line between acceptable and unacceptable usage of your information" says Nigel Stanley, CEO of Incoming Thought.
Microsoft, Google, Facebook, Yahoo and LinkedIn have won a U.S. court battle which allows them to disclose the number of requests they receive from the NSA, FBI and other government agencies.
Hackers harvest data from LinkedIn users by creating fake accounts
From banking hacks and malicious mobile apps to insider leaks and a serious data breach each month, 2014 promises to a challenging year for CISOs.