LinkedIn's massive security breach: The fallout
The networking site is working overtime to contain a series of security lapses that put millions of user accounts at risk
LinkedIn has confirmed that more than six million users had their passwords stolen by hackers, and some 165,000 of those passwords have already been posted online. The popular networking site, which presents itself as a professional alternative to Facebook with a focus on business connections, has more than 150 million registered users worldwide. Will the site that boasts the slogan "relationships matter" be able to repair its relationship with worried users? Here's what you should know:
What exactly happened?
Early on Wednesday, reports began circulating that 6.5 million users had their account passwords stolen. Hours later, LinkedIn confirmed the security breach in a blog post. The company deactivated compromised accounts to protect users.
How did hackers steal these passwords?
It's unclear how hackers got into the system in the first place, and the company won't say who the suspected culprit is. But here's what we do know: The stolen passwords were originally published to a Russian forum, and most "were posted in a simple cryptographic code, suggesting the networking site had been using outdated security precautions," says the Moscow Times. A few of the posted passwords included phrases like "recruiter," "googlerecruiter," "toprecruiter," "human resources," "hiring," and "linkedin." It's not known if the hackers know each password's corresponding user log-in.
How is LinkedIn handling this breach?
The company deactivated many accounts, and is contacting the owners of hacked accounts and urging them to reset their passwords. But in some ways, things are getting worse, as the hacks have spawned a new spam campaign targeting LinkedIn users: Emails that look like they're officially from the site's administrators are actually sent by spambots illegally "phishing" for passwords. The company is reminding its users not to follow any embedded links (the official LinkedIn email to reset your password is link-free and requires users to copy and paste), and to check source addresses carefully.
How badly will this hurt LinkedIn's reputation?
It's certainly not helping. LinkedIn just became "the most annoying of all social media" sites, says Loren Steffy at the Houston Chronicle. The site already nags users to accept invitations from nepotists and strangers. If LinkedIn really wants to inspire confidence, it should "devote the same amount of attention it currently places on badgering its members on tighter security."
Sources: CNET, Gawker, The Houston Chronicle, Moscow Times, PC World, The Verge