LinkedIn: Breach Cost Up to $1M, Says $2-3 Million in Security Upgrades Coming

In June, a breach disclosed by business social networking site LinkedIn resulted in a hashed password list containing some 6.5 million user passwords, forcing the company to urgently examine its infrastructure and investigate the incident that exposed some of its users.

The company, which today announced solid financial results for Q2 2012 with record revenues of $228.2 million, shared details on some of the costs associated with investigating and addressing the breach, along with investments the company plans to make in order to further bolster security.

“In the second quarter, I would say there was roughly $500,000 – $1,000,000 related primarily to forensics work and other elements of that,” LinkedIn CEO Jeff Weiner said on a conference call discussing the company’s second quarter results.

Weiner also reinforced previous statements from the company that security measures have been improved following the breach.

“Since [the breach], we have redoubled our efforts to ensure the safety of member accounts on LinkedIn by further improving password strengthening measures and enhancing the security of our infrastructure and data,” Weiner said.

“The health of our network as measured by member growth and engagement remains as strong as it was prior to the incident,” he added.

While some improved security measures may have been taken, the company said more updates are in the works, with seven-figure investments in security expected to take place before the end of this year.

“In taking proactive steps to update security post the June password theft, we are assuming an additional $2-3 Million in second half expenses, more weighted toward the third quarter,” LinkedIn CFO Steve Sordello said.

Because the conference call was an earnings call, the company did not specify which technologies or process improvements it would adopt to improve its security posture.

While 6.5 million leaked password hashes is by no means trivial, it’s a fraction of the more than 175 million members LinkedIn said it has as of August 2, 2012. Overall, the LinkedIn breach, while somewhat costly, did not impact the company to the level that other “hacked” companies have been affected in the past, including Sony, Global Payments, and Certificate Authority DigiNotar, which was essentially hacked out of business.

Earlier this month payment-processing provider Global Payments said that costs associated with a data breach disclosed in April that exposed up to 1.5 million card numbers totaled $84.4 million.

LinkedIn said page views increased 31 percent to 9.3 billion during the second quarter of 2012. When including SlideShare, which the company acquired in May 2012, there were nearly 131 million unique visitors in June 2012, making LinkedIn the 26th most visited website in the world according to comScore.

Related Reading: LinkedIn Breach: How a 6.5M Hole Could Sink a 160M Ship 

Related Reading: Lessons Learned from DigiNotar, Comodo and RSA Breaches

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
