It emerged that hackers were working to “crack” a list of 6.5 million out of 150 million LinkedIn profiles. As the hackers took control, web security experts quickly warned users who had reused the same password across the web to change it on their other services too. And still LinkedIn’s public relations team remained silent.
The passwords were stolen in “hashed” form, meaning some computing work was required to convert them back into usable passwords. By Wednesday afternoon the hackers said they had already recovered hundreds of thousands.
Following an investigation, LinkedIn finally admitted late on Wednesday that its security had been breached – a whopping seven hours after the attack had been reported.
“We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts,” said Vicente Silveira, a spokesman for the professional network, whose more than 150 million members worldwide include the Prime Minister.
The firm said it would email affected members and force them to change their password. It also pledged to apply more stringent security measures in future, including storing passwords in a more secure form by “salting” them, which makes it more difficult for hackers to crack them.
Commentators on both sides of the Atlantic then started to criticise LinkedIn’s security practices.
“The passwords weren’t properly protected,” said a spokesman for Imperva, an American security firm.
Imperva also claimed that more than 6.5 million people who use LinkedIn could be forced to change their passwords, because the list did not indicate how many members used each password.
However, it is the response to the news of the LinkedIn hacking by technology pundits and users alike which has been the most interesting.
In a nutshell – people don’t seem to care that much. Whenever Twitter or Facebook experience any type of security breach, the world is up in arms.
And yet when LinkedIn’s biggest security violation to date happens, the reaction is muted to say the least.
I believe this is because the professional networking site has lost its way and needs to up its game.
It is still the top site for recruiters posting jobs and people seeking jobs to see new opportunities, according to a new survey from Bullhorn Reach, a US company which makes technology products for employers and recruiters.
But where it falls down massively is in how it facilitates meaningful connections between the most important people: its users.
Many users tweeting about the hack have bemoaned how trying to ‘network’ on the site is too much like work.
And indeed, many others have also complained about how annoying LinkedIn’s constant email barrages are, reminding users that someone wants to connect with them.
Perhaps, one user wrote, LinkedIn could have put its email skills to better use by immediately informing its users of the security breach and advising them on how best to protect their accounts.
Ironically LinkedIn, the networking site for professionals, failed to behave professionally this week by choosing to stay silent for as long as it did about the breach.
Loren Steffy, a US business columnist for the Houston Chronicle, phrased the issue well in his article: “Every day, LinkedIn continues to annoy me in a way few other social media services do: it nags me about accepting invitations from people, most of whom I don’t know, who want to link up with me on LinkedIn. Don’t get me wrong, I’m happy to connect with people on social media. I just don’t need the site to harass me about it.”
LinkedIn needs to rapidly reinvigorate both its security and its product so that it actually becomes a tool professionals actively use to network properly with each other.
Reported by the Telegraph