The emails sent to the 6.5 million victims of the LinkedIn’s major password breach informed them of the password compromise and instructed them how to reset their passwords. But, according to research by anti-spam vendor Cloudmark, around 250,000 of those emails never made it to victims’ boxes because they were blocked by spam filters.
The emails about the compromised passwords were DKIM signed, addressed to the receipient by name, and did not contain any links, only a request to type a Linkedin URL at the command line. So why were the emails blocked as spam? Because users get so much email from LinkedIn that they mark the email as spam rather than unsubscribing from the mailing list, explained Andrew Conway with Cloudmark.
“LinkedIn is like the little boy who cried, ‘Wolf’. By sending too much mail that people are not really interested in, they are getting ignored when they have something important to say”, Conway opined.
Kaspersky Lab’s Threatpost blog noted that some LinkedIn users complained that the password reset notices were so lacking in detail that they were sure the emails were some type of phishing scam.