Security

Have LinkedIn's Security Woes Permanently Damaged the Social Network?

After hackers last week breached the LinkedIn site, stealing more than 6 million user passwords, analysts are debating whether the attack will cause long-term damage to the social network.

In the attack, users' passwords were posted publicly to a Russian hacker forum. The incident garnered a lot of headlines, both in the trade and mainstream news media, and LinkedIn was accused of using lax security and having nothing more than light encryption to safeguard its users data.

Many companies, including LinkedIn suffer security breaches. What's causing the furor over the LinkedIn breach is that the company makes its name and its money from user data, yet it failed to take what security experts would call adequate steps to secure its bread and butter.

Critics accuse the company of failing to protect its users. Will users stand by their social network or will they flee?

"This is a business site focused on business users who generally don't take well to negligence, particularly when it comes to their passwords and IDs," said Rob Enderle, an analyst with the Enderle Group. "I think this attack will do lasting damage and open the door for competition. But I don't see a competitive choice positioning against the opportunity though, so LinkedIn may do better than they otherwise would as a result."

While LinkedIn's security lapse could drive users away, users of social networks have proved to be immensely loyal and willing to take hits without leaving their favorite sites.

Facebook, for instance, has had a handful of highly publicized privacy issues that drew heated criticism from its users. Industry analysts predicted an exodus of unhappy users. While some dribbled off the site in frustration, there was never a mass exodus.

Social networking users may get frustrated and angry and post nasty tweets on Twitter, but they want to be where their friends are. They want to see their cousin's news and their college roommate's vacation pictures. They rarely leave.

In an emailed statement, LinkedIn spokeswoman Erin O'Harra said: "I can confirm that the health of our network, as measured by member growth and engagement, remains as strong as it was prior to the incident."

"I've seen some users post via Twitter that they are leaving LinkedIn as a result of this incident, or rather the headlines spurred them into realizing that they never used LinkedIn so they might as well zap their accounts," said Graham Cluley, a senior technology consultant with security company Sophos. "I have no indication that people are leaving in droves, however."

Cluley said LinkedIn's recent troubles also are putting the spotlight on other social networks and their level of security.

"Many of the social networks have suffered from security and privacy problems, although there's no suggestion that they have made the same mistake regarding password security," Cluley added. "As LinkedIn likes to present itself as the professional, business-focused social network, it's particularly disappointing that they didn't have fairly elementary security in place."

LinkedIn is no fledgling social networking startup with little money or experience. After a successful initial public offering in May 2011, the company should be able to hire a barrage of security experts, the analysts noted.

This makes the breach harder to understand, Enderle said. "Security problems certainly haven't been uncommon for social networks, but given [LinkedIn's] cash position and the amount of warning, this issue should have been addressed," he said. "It makes the management team appear too inexperienced for a firm of this size... Negligence in a public company typically is a very bad thing because it can force changes at top executive levels."

As for LinkedIn's users, Patrick Moorhead, an analyst with Moor Insights & Strategy, said few will probably leave the site simply because there are few alternatives for a business-oriented social network.

"LinkedIn's reputation is taking hits from industry insiders and techies," he said. "But these kinds of things blow over quickly and won't leave any permanent marks. At least in North America, there isn't a competitor with much scale for users to go to."

Sharon Gaudin covers the Internet and Web 2.0, emerging technologies, and desktop and laptop chips for Computerworld. Follow Sharon on Twitter at @sgaudin, on Google+ or subscribe to Sharon's RSS feed. Her email address is sgaudin@computerworld.com.

See more by Sharon Gaudin on Computerworld.com.

Read more about enterprise web 2.0/collaboration in Computerworld's Enterprise Web 2.0/Collaboration Topic Center.

Subscribe to the Security Watch Newsletter

Comments