Last week LinkedIn confirmed reports that about 6.5 million of its accounts had been compromised, with their passwords leaked on a Russian web forum. It sought to quell user concern by posting details about its investigation into the matter on its Twitter account and pointing followers towards its blog, which detailed security tips.
The business social networking site’s support team then sent affected members emails with instructions on how to reset their passwords.
The volume of mentions of LinkedIn on social media and other websites increased more than seven-fold on Wednesday and Thursday, compared to usual levels of mentions, according to exclusive research for Marketing Week by Ipsos Mori in partnership with Brandwatch.
Although the majority of mentions did not express any sentiment, about 19% of posts, which were manually analysed between 5 and 10 June, were negative about LinkedIn, with 8% cynical or sarcastic and a further 8% directly criticising the site.
Many users complained that LinkedIn did not make efforts to respond to the crisis as soon as possible – taking more than 12 hours to confirm reports on technology news sites and blogs.
Francis Ingham, chief executive of the PRCA, says LinkedIn failed to observe the first rule of crisis management: being the first to tell your customers, with its failure to do so being “highly damaging to the brand”.
He added: “They’ve also got their tone wrong – there’s no need to grovel but there is a clear need to apologise. Speaking as a LinkedIn user myself, they need to display a bit more humility to assure me they are sorting this out as a matter of urgency and to convince me it can never happen again.
“Right now they’re failing on pretty much all points.”
Alys Woodward, research director at market intelligence firm IDC Europe, agrees LinkedIn should have admitted to its data breach earlier and taken more steps to contact users directly and quickly – especially considering it markets itself as a social network.
She adds: “LinkedIn [posting on its Twitter account with links to a blog to keep users updated] was saying ‘come to where we are’ but I’d say do the opposite, especially with the way the news spikes – it’s not how tall that spike is, it’s how long it goes on for before it turns into a mountain.
“[Brands suffering data leaks] should email people, post on Twitter, Facebook and address their customers where they are – you shouldn’t have to let people do a Google search or find out through word of mouth.”
LinkedIn’s EMEA communications manager Darain Faraz says LinkedIn’s philosophy is “members come first” and that it worked quickly to launch an investigation to confirm the leak and then took “immediate action” to inform members of the outcome.
It also put in place enhanced security for its members, which involves the hashing and salting of its password databases.
He adds: “All of this activity was supported by regular communication to our members and the public as we investigated and made progress on the technical front.
“Every major challenge brings with it the opportunity to learn a huge amount about your organisation and how to improve the way you operate. We deeply apologise to all our members for any inconvenience this has caused.”
Dating site eHarmony and music streaming service Last.fm were also found to be victims of hackers last week, with password data again posted on Russian web forums.
The potential cost of a data breach
Source: Symantec and Ponemon Institute (data from 2011)
The average cost per user of a data breach rose £8 to £79
2.9% of users stopped doing business or deleted accounts with companies associated with data breaches
Organisational cost of a breach averaged £1.75m, down 8% on 2010
Negligent employees or contractors responsible for 36% of data breaches