Back in 2012, LinkedIn (NYSE:LNKD.DL) was hit by a hack which resulted in 6.5 million passwords being dumped onto a Russian hacker forum. At the time, LinkedIn disabled the affected accounts, worked with law enforcement, and added new security measures to the site.
But in mid-May, about 117 million members' emails and passwords from the same hack went on sale on a deep web marketplace. Motherboard claims that some of those accounts, whose password hashes had "no salt" (making them easy to crack), were hacked within 72 hours, and many of the victims had been using the same passwords since 2012.
LinkedIn stated that it was "taking immediate steps to invalidate the passwords of the accounts impacted," and "will contact those members to reset their passwords." The company also emphasized that the leaked accounts were from the 2012 data breach, and that it had "no indication that this is a result of a new security breach."
The new leak hit LinkedIn just as it started showing some signs of improvement after several quarters of mixed guidance. Last quarter, sales rose 35% annually and beat estimates as hiring, marketing, and premium subscriptions revenue all generated robust double-digit growth. Total members grew 19% annually to 433 million.
LinkedIn will need to work hard to prevent the password leak from becoming another memorable PR debacle. Back in 2011, LinkedIn launched an advertising system that tapped users' photos and recommendations, resulting in a fierce backlash from privacy advocates. Last year, it was forced to pay a $13 million fine in a class-action lawsuit over spamming its users with constant email invitations and notifications.
But LinkedIn's not alone
LinkedIn's ongoing data breach could harm the company's brand, but other social networks have recovered from breaches before. In 2013, Twitter stated that 250,000 of its accounts were compromised in a data breach. That same year, Facebook admitted that a year-long data breach had exposed around 6 million users' phone numbers and email addresses to unauthorized viewers.
However, LinkedIn's data breach is significantly wider than Twitter's or Facebook's, and could undermine the confidence of its core market of enterprise users. LinkedIn investors shouldn't panic about the data breach, but they should closely monitor how LinkedIn handles the situation, and whether or not this leak finally marks the end of the 2012 attack.