Friday 8 June 2012

LinkedIn Password Security Breach

Following the embarrassment over iPad and iPhone apps where user meeting notes were transmitted back to the server without the permission of the account holder, LinkedIn once again have egg on their face.

http://www.americandailyherald.com/us-news/top-stories/item/linkedin-confirms-password-security-breach

A number of user passwords were published onto a website and, despite this breach, LinkedIn failed to tackle the issue head on. It was estimated by the Daily Mail that 65 million passwords were placed onto a Russian cybercrime website. However, the Guardian, an independent newspaper, estimates this at 6 million. Hackers also targeted 1.5 million members of the dating website eHarmony. The Guardian are calling the scandal "a timely Internet security reminder."

The social media site, which comprises over 161 million members in over 200 countries, has been fishing for a new PR firm to take over their brief, currently handled by Edelman. And it would seem this would not be before time. LinkedIn executives' failure to issue a direct statement or security advice meant that the media were forced to consult with security and IT professionals rather than the company itself.

'Security blogger Graham Cluley described the breach on his blog. According to Cluley, “A file containing 6,458,020 SHA-1 unsalted password hashes has been posted on the Internet, and hackers are working together to crack them.” Cluley went on to note that the passwords were not associated with email addresses, but, he said, “it is reasonable to assume that such information may be in the hands of the criminals.” On its blog, LinkedIn confirmed some aspects of the breach.'

LinkedIn tweeted the disaster when they should have contacted members directly to make them aware of the security breach. Following the tweet, LinkedIn director Vicente Silveira posted a blog late Wednesday night admitting to a compromise in security and an ongoing investigation.

The security may have been poor but the most shocking part of this disaster was the lack of direct handling and reassurance. Wholly inadequate. An example of very bad PR.
