When news broke yesterday of a massive data breach at LinkedIn, in which a file containing 6.5 million passwords was posted online, the company took to fellow social media network Twitter to update both the press and consumers.
Its first tweet stated: ‘Our team is currently looking into reports of stolen passwords. Stay tuned for more.’
LinkedIn later posted: ‘Our team continues to investigate, but at this time, we're still unable to confirm that any security breach has occurred. Stay tuned here.’
The indirect approach to communicating about the breach and a lack of a formal statement led the media to seek advice from security experts rather than LinkedIn professionals. IT security and data protection firm Sophos was quoted widely and urged users to change their security details immediately. The press was also quick to state LinkedIn had refused to comment.
The site has in excess of 161 million members in more than 200 countries and more than nine million in the UK. PRWeek revealed last week that the social network is on the hunt for a UK PR agency – a brief currently held by Edelman.
The security scare has caused fresh embarrassment for the site after privacy concerns were raised about its iPhone and iPad apps, which were found to transmit users’ meeting notes back to LinkedIn servers without their permission.
LinkedIn declined to comment on its comms handling, directing PRWeek to a blog post late last night.
The site’s latest update, posted late yesterday, was a carefully worded blog post from LinkedIn director Vicente Silveira.
In the post Silveira admitted passwords belonging to ‘some’ of its members had been compromised and that they were ‘continuing to investigate this situation’. This was the first admission from the company that security had been breached.
The blog detailed how those affected would be contacted and asked to change their passwords. It also took the opportunity to communicate its recent ‘enhanced security’ which ‘includes hashing and salting [which makes passwords harder to crack] of our current password databases’.
Silveira also stated: ‘We sincerely apologise for the inconvenience this has caused our members. We take the security of our members very seriously.’