Have LinkedIn's security woes permanently damaged the social network?
- 14 June, 2012 20:11
After hackers last week breached the LinkedIn site, stealing more than 6 million user passwords, analysts are debating whether the attack will cause long-term damage to the social network.
In the attack, users' passwords were posted publicly to a Russian hacker forum. The incident garnered a lot of headlines, both in the trade and mainstream news media, and LinkedIn was accused of using lax security and having nothing more than light encryption to safeguard its users data.
Many companies, including LinkedIn suffer security breaches. What's causing the furor over the LinkedIn breach is that the company makes its name and its money from user data, yet it failed to take what security experts would call adequate steps to secure its bread and butter.
Critics accuse the company of failing to protect its users. Will users stand by their social network or will they flee?
"This is a business site focused on business users who generally don't take well to negligence, particularly when it comes to their passwords and IDs," said Rob Enderle, an analyst with the Enderle Group. "I think this attack will do lasting damage and open the door for competition. But I don't see a competitive choice positioning against the opportunity though, so LinkedIn may do better than they otherwise would as a result."
While LinkedIn's security lapse could drive users away, users of social networks have proved to be immensely loyal and willing to take hits without leaving their favorite sites.
Facebook, for instance, has had a handful of highly publicized privacy issues that drew heated criticism from its users. Industry analysts predicted an exodus of unhappy users. While some dribbled off the site in frustration, there was never a mass exodus.
Social networking users may get frustrated and angry and post nasty tweets on Twitter, but they want to be where their friends are. They want to see their cousin's news and their college roommate's vacation pictures. They rarely leave.
In an emailed statement, LinkedIn spokeswoman Erin O'Harra said: "I can confirm that the health of our network, as measured by member growth and engagement, remains as strong as it was prior to the incident."
"I've seen some users post via Twitter that they are leaving LinkedIn as a result of this incident, or rather the headlines spurred them into realizing that they never used LinkedIn so they might as well zap their accounts," said Graham Cluley, a senior technology consultant with security company Sophos. "I have no indication that people are leaving in droves, however."
Cluley said LinkedIn's recent troubles also are putting the spotlight on other social networks and their level of security.
"Many of the social networks have suffered from security and privacy problems, although there's no suggestion that they have made the same mistake regarding password security," Cluley added. "As LinkedIn likes to present itself as the professional, business-focused social network, it's particularly disappointing that they didn't have fairly elementary security in place."
LinkedIn is no fledgling social networking startup with little money or experience. After a successful initial public offering in May 2011, the company should be able to hire a barrage of security experts, the analysts noted.
This makes the breach harder to understand, Enderle said. "Security problems certainly haven't been uncommon for social networks, but given [LinkedIn's] cash position and the amount of warning, this issue should have been addressed," he said. "It makes the management team appear too inexperienced for a firm of this size... Negligence in a public company typically is a very bad thing because it can force changes at top executive levels."
As for LinkedIn's users, Patrick Moorhead, an analyst with Moor Insights & Strategy, said few will probably leave the site simply because there are few alternatives for a business-oriented social network.
"LinkedIn's reputation is taking hits from industry insiders and techies," he said. "But these kinds of things blow over quickly and won't leave any permanent marks. At least in North America, there isn't a competitor with much scale for users to go to."
Sharon Gaudin covers the Internet and Web 2.0, emerging technologies, and desktop and laptop chips for Computerworld. Follow Sharon on Twitter at @sgaudin, on Google+ or subscribe to Sharon's RSS feed. Her email address is firstname.lastname@example.org.
Read more about enterprise web 2.0/collaboration in Computerworld's Enterprise Web 2.0/Collaboration Topic Center.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Transforming SIEM into an Early Warning System For Advanced Threats
- Unleashing the Power of Information
- IBM Solutions for Cloud and Virtualisation in Enterprise Environments
- Putting Web Threat Protection and Content Filtering in the Cloud
- The Assurance Checklist for Branch Networks - A Pragmatic Guide for Building High Performance Branch Office Networks
Why change management doesn’t work
Larry Page wants to see your medical records
Dual-Persona Smartphones Not a BYOD Panacea
After two-year hiatus, EFF accepts bitcoin donations again
CIOs struggle to deliver timely mobile business apps: survey
Tips Choosing a Cloud Service Provider
Because cloud is still a new and evolving business model, it can be argued that the decision to select a cloud service provider should be approached with even greater diligence than other IT decisions. Many providers use the same term to define very different services, “hybrid cloud” is one example, making it difficult to compare offers. This whitepaper will help enterprises evaluate their options in two critical areas: the cloud service portfolio and the service provider itself. Read now.
Endpoint Security and Virtualisation
Besides form factor, virtual systems are not really that different than physical systems. They both use the same operating systems and applications. They both present users with computing resources such as RAM and hard drives. Consequently, the ability to exploit vulnerabilities in a physical environment will present a significant threat to virtualised environments as well. This paper examines the different endpoint security methods for virtualised environments and presents how Endpoint Protection security provides optimal performance, protection and manageability.
The Foundation for Cloud Management
For businesses looking to provide real-time business solutions to employees and customers alike, you need to have a comprehensive network management strategy. The network is the foundation of all successful cloud services; it must be robust to meet traffic, efficiency, and performance demands. Download today the four steps to get your network operations cloud-ready.