Would anyone be surprised to know that LinkedIn is the third most popular social networking site in the world? That’s right – only behind Facebook & Twitter. You don’t hear about LinkedIn nearly as much as some other, smaller sites like Pinterest and Instagram, and yet, according to the site’s blog, it reached the 100 million-member mark last March. Furthermore, I discovered today that LinkedIn accounts for over 50% of web referral traffic at a company that I work for. That’s a lot.
And so, when more than 6.5 million user passwords are leaked, and the site is hacked into, it’s somewhat of an issue. In fact, that scenario has crisis written all over it. And that’s exactly what transpired today!
Apparently, someone posted a cache of encrypted LinkedIn passwords to a Russian hacking website about two days ago, and asked for help decoding them. As of this morning, more than 300,000 of the passwords had been cracked, and that number could be much larger by now.
Needless to say, LinkedIn was presented with one heck of a potential crisis situation this morning. Of course, nobody is going to be happy after finding out that their password might have been compromised (I changed mine immediately), but I do think that LinkedIn officials have done a great job responding to the incident positively.
The main thing to learn here is to be present during a crisis. Twitter provides a way to connect directly with a large number of people at once, and that is what LinkedIn leveraged today.
The LinkedIn Twitter account kept users updated throughout the day, tweeting, “Our team is currently looking into reports of stolen passwords. Stay tuned for more.” and, “Our team continues to investigate, but at this time, we’re still unable to confirm that any security breach has occurred. Stay tuned here.”
Then, the LinkedIn team produced a blog post describing how to make strong passwords across the web in general.
LinkedIn, throughout the process, was:
- Open, honest, and transparent – Users did not have to go far to find out what was happening.
- Present to it’s public – They didn’t hide and let others take control of the conversation, but rather, they controlled what was being said about the site.
- Thorough – They completely addressed the situation, told everyone how people with hacked accounts would be notified, and told everyone how the site would recover.
- Apologetic: “We sincerely apologize for the inconvenience this has caused our members. We take the security of our members very seriously.”
Obviously, security breaches are negative events. But wouldn’t you agree that LinkedIn officials did an okay job at keeping the damage to a minimum?