LinkedIn: Breach Cost Up to $1M, Says $2-3 Million in Security Upgrades Coming

In June, business social networking site LinkedIn disclosed a breach that exposed a list of some 6.5 million hashed user passwords, forcing the company to urgently examine its infrastructure and investigate the incident that exposed some of its users.

The company, which today announced solid financial results for Q2 2012 with record revenues of $228.2 million, shared details on some of the costs associated with investigating and addressing the breach, along with investments the company plans to make in order to further bolster security.

“In the second quarter, I would say there was roughly $500,000 – $1,000,000 related primarily to forensics work and other elements of that,” LinkedIn CEO Jeff Weiner said on a conference call discussing the company’s second quarter results.

Weiner also reinforced previous statements from the company that security measures have been improved following the breach.

“Since [the breach], we have redoubled our efforts to ensure the safety of member accounts on LinkedIn by further improving password strengthening measures and enhancing the security of our infrastructure and data,” Weiner said.

“The health of our network as measured by member growth and engagement remains as strong as it was prior to the incident,” he added.

While some improved security measures may have been taken, the company said more updates are in the works, with seven-figure investments in security expected to take place before the end of this year.

“In taking proactive steps to update security post the June password theft, we are assuming an additional $2-3 Million in second half expenses, more weighted toward the third quarter,” LinkedIn CFO Steve Sordello said.

Because the conference call was an earnings call, the company did not specify which technologies and/or process improvements it would adopt to improve its security posture.

While 6.5 million leaked password hashes is by no means trivial, it’s a fraction of the more than 175 million members LinkedIn said it has as of August 2, 2012. Overall, the LinkedIn breach, while somewhat costly, did not impact the company to the level that other “hacked” companies have been impacted in the past, including Sony, Global Payments, and certificate authority DigiNotar, which was essentially hacked out of business.

Earlier this month, payment-processing provider Global Payments said that costs associated with a data breach disclosed in April, which exposed up to 1.5 million card numbers, totaled $84.4 million.

LinkedIn said page views increased 31 percent to 9.3 billion during the second quarter of 2012. When including SlideShare, which the company acquired in May 2012, there were nearly 131 million unique visitors in June 2012, making LinkedIn the 26th most visited website in the world according to comScore.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.
