Business networking site LinkedIn has announced it took a hit of up to $1 million due to one of the year's largest reported data breaches. LinkedIn spent between $500,000 and $1 million on forensic work after a large number of passwords were breached, LinkedIn CFO Steve Sordello said on the company's earnings call today.
He said the 175-million-member company continued to strengthen its website's security and is expected to add $2 million to $3 million in costs in the current quarter toward those efforts.
“Part of adding value to our members every day means ensuring that their experience on LinkedIn is safe and secure,” he said.
“Since the breach, we have redoubled our efforts to ensure the safety of member account on LinkedIn by further improving password strengthening measures and enhancing the security of our infrastructure and data. The health of our network as measured by number of growth and engagement remains as strong as it was prior to the incident.”
After the leak was discovered, LinkedIn reset the passwords of accounts that they believed were frozen.The stolen passwords were camouflaged using an outdated cryptographic hash function, SHA-1, created by the National Security Agency. In addition to this weakness, LinkedIn failed to add additional security layers, such as salting the passwords, a technique which randomly appends a string of characters.
Following the attack, LinkedIn confirmed in a blog post the addition of new security layers, including the salting of passwords.