What LinkedIn’s security breach tells us

In Information Security | By Team Acumin / 20th June 2012

It’s a rule of life that the mightier you are, the harder the fall will be, which is to say that in this 24/7 age of interconnectivity, wired up to the internet every single second of the day, with everyone effectively an IT practitioner, any shortcomings, big or small, will be highly visible.

When the professional social networking site LinkedIn was revealed to have experienced a network security breach, resulting in millions of users’ passwords being uploaded to a website, the online world and media outlets from around the globe went into heated discussion.

Now, while LinkedIn isn’t unique in being targeted by cyber criminals, a lot of the criticism directed at the popular company – it has approximately 161 million users – is justified in the sense that a number of weaknesses and vulnerabilities have been identified.

One would expect a big company to have a seriously robust security system, but something has clearly gone amiss. However, it would be too easy to attribute this to the fact that it has no chief information officer, someone with the skill, tact and knowledge to “beef up” and monitor security.

That’s because it does have a security team, a world-class one in fact, as its director Vicente Silveira was keen to point out. This is typified by experts such as Ganesh Krishnan, the former vice president and chief information security officer at Yahoo!, and David Henke, senior vice president of operations, who oversees all of this.

LinkedIn wasn’t the only one to be hit – eHarmony and Last.fm were also targeted. In January of this year it was reported that Facebook, the giant of social media networks, had been breached, with 45,000 passwords being stolen. Hackers had deployed the Ramnit worm.

As the Financial Times noted recently, cyber criminals are preying on social networks – it’s the new playground, so to speak. The significance of the LinkedIn story is its scale. When you get into the millions, you know you’re in uncharted territory.

One of the reasons for the shift, explained Graham Cluley, senior technology consultant at the security firm Sophos, is that the anti-spam features on these websites are “nowhere as mature as places like Hotmail and Gmail”.

Furthermore, the openness of such websites – in terms of sharing information, developing applications and adding friends, both as a status thing (the more people you have, the more “popular” you are) and as a strategic thing (the more reach you have, the more exposure you have to services and products) – makes them more susceptible to being breached.

No doubt the likes of Facebook, Twitter, LinkedIn and new kid on the block Pinterest will be evaluating their policies and considering how they respond to this new era. They owe it to the collective millions of users who give them the very digital air they need to breathe to ensure that those users are safe and protected. If not, users will walk away, and then where will they be?