Professional social networking service LinkedIn has already spent some serious cash strengthening its security following an embarrassing breach earlier this year -- and plans to spend more.
LinkedIn Security Spending Could Total US$ 4M
As reported in the transcript provided by SeekingAlpha, during the recent LinkedIn Q2 2012 conference call, CEO Jeff Weiner discussed the theft and unauthorized publishing of 6.5 million LinkedIn member passwords that occurred in June 2012.
Weiner said no member login info was published, but all the stolen passwords were disabled and the company has “redoubled our efforts to ensure the safety of member account on LinkedIn by further improving password strengthening measures and enhancing the security of our infrastructure and data. The health of our network as measured by number of growth and engagement remains as strong as it was prior to the incident.”
In response to a question from Piper Jaffray analyst Mark Zgutowicz, LinkedIn SVP/CFO Steve Sordello said that in June, LinkedIn spent between US$ 500,000 and US$ 1 million “primarily for forensic work” related to the breach. Sordello also said he expects LinkedIn to spend another US$ 2 to 3 million in the second half of 2012 -- with the bulk of the spending occurring in Q3 -- to take “proactive steps to update security.”
LinkedIn Owns Up
LinkedIn posted an admission of the security breach on its blog on June 9, and assured members that it was working closely with the FBI and that user names did not appear to have been published along with the corresponding passwords. In addition, LinkedIn said it would notify all members whose passwords were disabled due to the breach and advised all members to change their passwords every few months.
LinkedIn described a robust existing password database system that both “hashed and salted” user passwords (i.e., stored each password as a one-way hash computed together with a random value, the salt, rather than as a plain hash). The company has not specified what new steps it is taking, and may not do so for fear of tipping off potential future hackers.
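What salting adds to a hashed password store, shown as an added example that is not LinkedIn's code or part of the original article. PBKDF2-HMAC-SHA256, the iteration count and the sample accounts are assumptions chosen for illustration, since the article does not say which algorithm LinkedIn uses.

```python
import hashlib
import hmac
import os
from collections import Counter

ITERATIONS = 200_000  # assumed work factor for this example

# Constructed sample accounts; two users picked the same password.
SAMPLE_USERS = {"alice": "Summer2012", "bob": "Summer2012", "carol": "t7#Lq9vZ"}

def unsalted_record(password):
    """Plain hash, no salt: equal passwords always give equal records."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_record(password, salt=None):
    """Return (salt, key); a fresh random salt is drawn for each new password."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key

def verify(password, salt, stored_key):
    """Recompute with the stored salt and compare in constant time."""
    _, key = salted_record(password, salt)
    return hmac.compare_digest(key, stored_key)

def accounts_sharing_a_value(stored_values):
    """Count accounts whose stored value also appears on another account."""
    counts = Counter(stored_values)
    return sum(n for n in counts.values() if n > 1)

def build_tables(users):
    """Build the unsalted and the salted table for the same set of users."""
    unsalted = {u: unsalted_record(p) for u, p in users.items()}
    salted = {u: salted_record(p) for u, p in users.items()}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_tables(SAMPLE_USERS)
    # In a leaked unsalted table, reused passwords are visible as repeats.
    print("unsalted repeats:", accounts_sharing_a_value(list(unsalted.values())))
    # With per-user salts every stored key is different.
    print("salted repeats:", accounts_sharing_a_value([k for _, k in salted.values()]))
    salt, key = salted["alice"]
    print("alice login ok:", verify("Summer2012", salt, key))
```

The salt is stored next to the derived key and is not secret; its job is to make every stored value unique, so one precomputed table or one cracked hash does not unlock every account that shares a password.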
Passwords under Siege
LinkedIn is hardly the only major consumer technology platform to find user passwords under siege. Last month, Pinterest had to start locking user accounts due to suspicious activity, after a string of disappearing or changed user data. Earlier this month, document sharing service Dropbox confirmed that it recently suffered a hacking attack that compromised the names and passwords of some user accounts. And of course earlier this year Yahoo suffered the theft of 450,000 user passwords.
With passwords such prized targets of professional hackers, networks big and small must make every effort to protect stored passwords as thoroughly as possible, especially since users themselves cannot always be trusted to make smart password decisions.
LinkedIn is spending a lot of money that could even have some negative impact on its second half earnings, but if it results in the prevention of future image-damaging data breaches, it will be money well spent.