Have LinkedIn's security woes permanently damaged the social network?
- 14 June, 2012 20:11
After hackers last week breached the LinkedIn site, stealing more than 6 million user passwords, analysts are debating whether the attack will cause long-term damage to the social network.
In the attack, users' passwords were posted publicly to a Russian hacker forum. The incident garnered a lot of headlines, both in the trade and mainstream news media, and LinkedIn was accused of using lax security and having nothing more than light encryption to safeguard its users' data.
Many companies, including LinkedIn, suffer security breaches. What's causing the furor over the LinkedIn breach is that the company makes its name and its money from user data, yet it failed to take what security experts would call adequate steps to secure its bread and butter.
Critics accuse the company of failing to protect its users. Will users stand by their social network or will they flee?
"This is a business site focused on business users who generally don't take well to negligence, particularly when it comes to their passwords and IDs," said Rob Enderle, an analyst with the Enderle Group. "I think this attack will do lasting damage and open the door for competition. But I don't see a competitive choice positioning against the opportunity though, so LinkedIn may do better than they otherwise would as a result."
While LinkedIn's security lapse could drive users away, users of social networks have proved to be immensely loyal and willing to take hits without leaving their favorite sites.
Facebook, for instance, has had a handful of highly publicized privacy issues that drew heated criticism from its users. Industry analysts predicted an exodus of unhappy users. While some dribbled off the site in frustration, there was never a mass exodus.
Social networking users may get frustrated and angry and post nasty tweets on Twitter, but they want to be where their friends are. They want to see their cousin's news and their college roommate's vacation pictures. They rarely leave.
In an emailed statement, LinkedIn spokeswoman Erin O'Harra said: "I can confirm that the health of our network, as measured by member growth and engagement, remains as strong as it was prior to the incident."
"I've seen some users post via Twitter that they are leaving LinkedIn as a result of this incident, or rather the headlines spurred them into realizing that they never used LinkedIn so they might as well zap their accounts," said Graham Cluley, a senior technology consultant with security company Sophos. "I have no indication that people are leaving in droves, however."
Cluley said LinkedIn's recent troubles also are putting the spotlight on other social networks and their level of security.
"Many of the social networks have suffered from security and privacy problems, although there's no suggestion that they have made the same mistake regarding password security," Cluley added. "As LinkedIn likes to present itself as the professional, business-focused social network, it's particularly disappointing that they didn't have fairly elementary security in place."
LinkedIn is no fledgling social networking startup with little money or experience. After a successful initial public offering in May 2011, the company should be able to hire a barrage of security experts, the analysts noted.
This makes the breach harder to understand, Enderle said. "Security problems certainly haven't been uncommon for social networks, but given [LinkedIn's] cash position and the amount of warning, this issue should have been addressed," he said. "It makes the management team appear too inexperienced for a firm of this size... Negligence in a public company typically is a very bad thing because it can force changes at top executive levels."
As for LinkedIn's users, Patrick Moorhead, an analyst with Moor Insights & Strategy, said few will probably leave the site simply because there are few alternatives for a business-oriented social network.
"LinkedIn's reputation is taking hits from industry insiders and techies," he said. "But these kinds of things blow over quickly and won't leave any permanent marks. At least in North America, there isn't a competitor with much scale for users to go to."
Sharon Gaudin covers the Internet and Web 2.0, emerging technologies, and desktop and laptop chips for Computerworld.