Have LinkedIn's security woes permanently damaged the social network?

Security breach grabs headlines but will users pack up and leave?

After hackers last week breached the LinkedIn site, stealing more than 6 million user passwords, analysts are debating whether the attack will cause long-term damage to the social network.

In the attack, users' passwords were posted publicly to a Russian hacker forum. The incident garnered a lot of headlines, both in the trade and mainstream news media, and LinkedIn was accused of using lax security and having nothing more than light encryption to safeguard its users' data.

Many companies, including LinkedIn, suffer security breaches. What's causing the furor over the LinkedIn breach is that the company makes its name and its money from user data, yet it failed to take what security experts would call adequate steps to secure its bread and butter.

Critics accuse the company of failing to protect its users. Will users stand by their social network or will they flee?

"This is a business site focused on business users who generally don't take well to negligence, particularly when it comes to their passwords and IDs," said Rob Enderle, an analyst with the Enderle Group. "I think this attack will do lasting damage and open the door for competition. But I don't see a competitive choice positioning against the opportunity though, so LinkedIn may do better than they otherwise would as a result."

While LinkedIn's security lapse could drive users away, users of social networks have proved to be immensely loyal and willing to take hits without leaving their favorite sites.

Facebook, for instance, has had a handful of highly publicized privacy issues that drew heated criticism from its users. Industry analysts predicted an exodus of unhappy users. While some dribbled off the site in frustration, there was never a mass exodus.

Social networking users may get frustrated and angry and post nasty tweets on Twitter, but they want to be where their friends are. They want to see their cousin's news and their college roommate's vacation pictures. They rarely leave.

In an emailed statement, LinkedIn spokeswoman Erin O'Harra said: "I can confirm that the health of our network, as measured by member growth and engagement, remains as strong as it was prior to the incident."

"I've seen some users post via Twitter that they are leaving LinkedIn as a result of this incident, or rather the headlines spurred them into realizing that they never used LinkedIn so they might as well zap their accounts," said Graham Cluley, a senior technology consultant with security company Sophos. "I have no indication that people are leaving in droves, however."

Cluley said LinkedIn's recent troubles also are putting the spotlight on other social networks and their level of security.

"Many of the social networks have suffered from security and privacy problems, although there's no suggestion that they have made the same mistake regarding password security," Cluley added. "As LinkedIn likes to present itself as the professional, business-focused social network, it's particularly disappointing that they didn't have fairly elementary security in place."

LinkedIn is no fledgling social networking startup with little money or experience. After a successful initial public offering in May 2011, the company should be able to hire a barrage of security experts, the analysts noted.

This makes the breach harder to understand, Enderle said. "Security problems certainly haven't been uncommon for social networks, but given [LinkedIn's] cash position and the amount of warning, this issue should have been addressed," he said. "It makes the management team appear too inexperienced for a firm of this size... Negligence in a public company typically is a very bad thing because it can force changes at top executive levels."

As for LinkedIn's users, Patrick Moorhead, an analyst with Moor Insights & Strategy, said few will probably leave the site simply because there are few alternatives for a business-oriented social network.

"LinkedIn's reputation is taking hits from industry insiders and techies," he said. "But these kinds of things blow over quickly and won't leave any permanent marks. At least in North America, there isn't a competitor with much scale for users to go to."

Sharon Gaudin covers the Internet and Web 2.0, emerging technologies, and desktop and laptop chips for Computerworld. Follow Sharon on Twitter at @sgaudin, on Google+ or subscribe to Sharon's RSS feed. Her email address is sgaudin@computerworld.com.
