LinkedIn is "unable to confirm the breach" but agrees that passwords belonging to "some" of their members may have been compromised. While this kind of evasiveness will not win the public company any sympathy, what LinkedIn fails to realize is that this breach is the ideal situation for them and comes at the right time.
First, the facts: while millions of stolen passwords have been published online, these did not come with usernames, so even if you have not yet changed your password, the chance of your account being accessed by random hackers is almost nil. I say 'random' because those who posted the passwords may still be in possession of the corresponding usernames. But LinkedIn is not Facebook, so a data compromise would likely not include (much) personal information. Access to interpersonal messages would however constitute a significant breach of confidentially for anyone who trusts the system's rudimentary messaging functionality with their sensitive communications. As privacy breaches go, their other current debacle, an insecure mobile app, is more likely to create one than the matter of these misapropriated gazillion-or-so passwords.
Can there be a good time for a large company to have a breach? You bet! Aside from the daily churn of downbeat economic news and underperforming stocks, LinkedIn's own sector is getting enough activity from other social media companies to ensure a very short life span for this event, which did not even cause a blip in its stock price. It's fair to say that Facebook's dropping fortunes have had a bigger effect on LinkedIn's market value than the aforementioned breaches. And it has been a busy week breach-wise with eHarmony and Last.FM reporting security problems and compromised passwords.
All in all, a company with aging software code (and until now, false sense of security) has an opportunity to survive catastrophic news and improve its systems as a result also stands to benefit from positive media coverage in the short-to-medium term. LinkedIn is now working with the FBI to investigate the breach and will likely take steps to review all their controls, potentially leading to glorious and triumphant eventual gloating about their noble efforts and innovative initiatives - the kind of stuff the media will enjoy. This is all good for business and as long as it is done without too much whining, they may get points for the way they approach what is a timely opportunity. It could have been much, much worse if those de-crypted passwords had been accompanied by their corresponding usernames, or if just a few accounts had been verifiably accessed and information changed (perhaps only the Education sections of some key Silicon Valley executives).
But LinkedIn's failure to secure their systems isn't without negative repercussions. Hackers the world over now have a vast set of fresh new passwords to add to the "dictionary" files that may some day be used to gain access to very important systems. These new entries are valuable and will not go away. They will only make password cracking applications that much more knowledgeable about the kinds of words and phrases that people - professionals - are likely to choose. And for that, they have LinkedIn to thank.
Security assessments are always interesting. I know, I do them all the time. You can never guess what you'll find when you're investigating a breach a...
More shocking than the fact that yet another teenager has opted to take her own life as a direct result of (cyber)bullying is the public response to t...
I’m always impressed at the low-tech nature of today’s most brazen hacking attacks and abuses of identity. It’s inevitable that so...
The Canadian Border Services Agency (CBSA) has installed equipment designed to record video and audio in Canadian airports (and possibly other ports o...
What? You didn't know? Well now you do. Alan Turing had/was/exhibited one of the greatest minds in computer science. To him we owe not just artificial...