Professional social network LinkedIn wants you to know that its taking the recent password security breach to heart — despite lacking greater measures to prevent such hacks and a chief information security officer charged with keeping track of privacy flaws.
The company is taking a lot of heat after hackers divulged 6.5 million user passwords and uploaded them to a Russian forum for help encrypting them. The security breach is due to an exploit with the way LinkedIn’s mobile app handles a user’s calendar data, as VentureBeat previously reported. LinkedIn later confirmed the breech, and advised its users on what steps to take to ensure their information was secure.
In a blog post reaffirming its commitment to security yesterday, LinkedIn claimed that it has no evidence of any accounts being compromised as a result of the security breach.
Despite this, LinkedIn members aren’t ready to forgive and forget. Some users are complaining that LinkedIn didn’t act quickly enough in contacting them about the password leak, while security experts are pointing out that the company could have added an extra layer of password security known as “salting.” There’s also the matter of the social network not having a executive-level officer to manage security and privacy.
In the blog post, LinkedIn Director of Engineering Vicente Silveira wrote:
“We take this criminal activity very seriously so we are working closely with the FBI as they aggressively pursue the perpetrators of this crime. As you may have heard, there have been reports of other websites that have suffered similar thefts. We want to be as transparent as possible while at the same time preserving the security of our members without jeopardizing the ongoing investigation.”
As far as leaked user data is concerned, probably the worst candidate this could happen to is LinkedIn — which contains plenty of personal contact information and linked relationships between business associates across the globe. That could have the potential to wreck business deals and end professional careers. It’s good that the company is being proactive with messages on its blog, but it’ll have to do better than that if it wants to regain the trust of its users.