LinkedIn is far from the only company to suffer a massive data breach, but the company's response to the incident is unique — in all the wrong ways.
First, a short timeline: On June 6, the passwords of more than 6.4 million LinkedIn users hit a Russian Web forum after a reported hack. After repeatedly issuing statements saying nothing was wrong — and prompting widespread criticism from security experts — LinkedIn finally admitted late in the day that the security breach was real.
To alert its millions of potentially compromised members, LinkedIn issued a list of security steps to help keep users from having their accounts hijacked. LinkedIn said affected users would receive an email from LinkedIn on how to reset their passwords.
Those emails have set off another series of problems. About a quarter of a million of the legitimate LinkedIn email alerts ended up in spam folders, according to Computerworld. Andrew Conway, a researcher at the security firm Cloudmark, told Computerworld that LinkedIn's emails themselves weren't the problem, since they were all addressed to the recipient by name and contained no links; the problem was that those recipients were expecting spam and were ready to delete it when it came.
"Part of the problem is that people are used to getting email that they don't want from LinkedIn, and rather than unsubscribe, some of them just mark it as spam and hope that it will go away," Conway said.

