Welcome to our fully functional beta site. We welcome all comments
informed!
The Informatica blog - Authored by Claudiu Popa

What LinkedIn Didn't Know: This Breach May Be Good For Business

LinkedIn Breach may be a good thing

LinkedIn is "unable to confirm the breach" but agrees that passwords belonging to "some" of their members may have been compromised. While this kind of evasiveness will not win the public company any sympathy, what LinkedIn fails to realize is that this breach is the ideal situation for them and comes at the right time.

First, the facts: while millions of stolen passwords have been published online, these did not come with usernames, so even if you have not yet changed your password, the chance of your account being accessed by random hackers is almost nil. I say 'random' because those who posted the passwords may still be in possession of the corresponding usernames. But LinkedIn is not Facebook, so a data compromise would likely not include (much) personal information. Access to interpersonal messages would however constitute a significant breach of confidentially for anyone who trusts the system's rudimentary messaging functionality with their sensitive communications. As privacy breaches go, their other current debacle, an insecure mobile app, is more likely to create one than the matter of these misapropriated gazillion-or-so passwords.

Can there be a good time for a large company to have a breach? You bet! Aside from the daily churn of downbeat economic news and underperforming stocks, LinkedIn's own sector is getting enough activity from other social media companies to ensure a very short life span for this event, which did not even cause a blip in its stock price. It's fair to say that Facebook's dropping fortunes have had a bigger effect on LinkedIn's market value than the aforementioned breaches. And it has been a busy week breach-wise with eHarmony and Last.FM reporting security problems and compromised passwords.
 
All in all, a company with aging software code (and until now, false sense of security) has an opportunity to survive catastrophic news and improve its systems as a result also stands to benefit from positive media coverage in the short-to-medium term. LinkedIn is now working with the FBI to investigate the breach and will likely take steps to review all their controls, potentially leading to glorious and triumphant eventual gloating about their noble efforts and innovative initiatives - the kind of stuff the media will enjoy. This is all good for business and as long as it is done without too much whining, they may get points for the way they approach what is a timely opportunity. It could have been much, much worse if those de-crypted passwords had been accompanied by their corresponding usernames, or if just a few accounts had been verifiably accessed and information changed (perhaps only the Education sections of some key Silicon Valley executives).

But LinkedIn's failure to secure their systems isn't without negative repercussions. Hackers the world over now have a vast set of fresh new passwords to add to the "dictionary" files that may some day be used to gain access to very important systems. These new entries are valuable and will not go away. They will only make password cracking applications that much more knowledgeable about the kinds of words and phrases that people - professionals - are likely to choose. And for that, they have LinkedIn to thank.

In the early 1920s, the Enigma machine was a portable encryption machine with rotor scramblers used for encoding and decoding confidential messages....
Bleeding hearts unite, the OpenSSL Heartbleed bug threatens to impact user privacy and business security online. There's a new security vulnerability in town. It's not even that new, we just didn't know about it until now. But it's a whopper and it threatens to i...
Independent risk assessments are the most basic best practice in business.Security is about risk. And risk is about numbers. Given the high probability of suffering data security and privacy breaches, is it any wonder compan...
Netflix just the latest brand used in wave of phone text support fraudEver wonder what the use of stealing millions of email addresses is? All those often downplayed, 'low sensitivity' data breaches have massive potent...
Layered SecurityI'm often surprised at the public's disappointment with the realization that security processes are not directly analogous to the medical notion of im...
Target breach will have serious consequencesThis past Christmas season hasn't been kind to the Target chain of retail stores nor to its brand. A brazen attack took place in December that affecte...

Welcome to Informatica

Be Secure.

Be Trusted.

Follow us on