LinkedIn: Breach Cost Up to $1M, Says $2-3 Million in Security Upgrades Coming

In June, business social networking site LinkedIn disclosed a breach that resulted in the leak of a hashed password list containing some 6.5 million user passwords, forcing the company to urgently examine its infrastructure and investigate the incident that exposed some of its users.

The company, which today announced solid financial results for Q2 2012 with record revenues of $228.2 million, shared details on some of the costs associated with investigating and addressing the breach, along with investments the company plans to make in order to further bolster security.

“In the second quarter, I would say there was roughly $500,000 – $1,000,000 related primarily to forensics work and other elements of that,” LinkedIn CEO Jeff Weiner said on a conference call discussing the company’s second quarter results.

Weiner also reinforced previous statements from the company that security measures have been improved following the breach.

“Since [the breach], we have redoubled our efforts to ensure the safety of member accounts on LinkedIn by further improving password strengthening measures and enhancing the security of our infrastructure and data,” Weiner said.

“The health of our network as measured by member growth and engagement remains as strong as it was prior to the incident,” he added.

While some improved security measures may have been taken, the company said more updates are in the works, with seven-figure investments in security expected to take place before the end of this year.

“In taking proactive steps to update security post the June password theft, we are assuming an additional $2-3 Million in second half expenses, more weighted toward the third quarter,” LinkedIn CFO Steve Sordello said.

Because the conference call was an earnings call, the company did not get specific as to what technologies and/or process improvements would be made to improve its security posture.

While 6.5 million leaked password hashes is by no means trivial, it’s a fraction of the more than 175 million members LinkedIn said it has as of August 2, 2012. Overall, the LinkedIn breach, while somewhat costly, did not impact the company to the level that other “hacked” companies have been impacted in the past, including Sony, Global Payments, and certificate authority DigiNotar, which was essentially hacked out of business.

Earlier this month payment-processing provider Global Payments said that costs associated with a data breach disclosed in April that exposed up to 1.5 million card numbers totaled $84.4 million.

LinkedIn said page views increased 31 percent to 9.3 billion during the second quarter of 2012. When including SlideShare, which the company acquired in May 2012, there were nearly 131 million unique visitors in June 2012, making LinkedIn the 26th most visited website in the world according to comScore.

Related Reading: LinkedIn Breach: How a 6.5M Hole Could Sink a 160M Ship 

Related Reading: Lessons Learned from DigiNotar, Comodo and RSA Breaches

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
