In the age of digitalization and technological progress, more people and organizations rely on modern advancements. They facilitate most day-to-day operations, introducing convenient and unparalleled methods of work and leisure. However, new threats emerge along with the progress, putting society at risk. The Internet has become the largest storage of personal and corporate information in the history of the world. In this regard, the opportunities for remote access form an area of increased risk, as third parties can obtain it in an unauthorized manner. LinkedIn, the world’s largest professional social network, has experienced such a development twice, in 2012 and 2021. The data relating to hundreds of millions of users was leaked online in the Dark Web segment of the Internet. Such leaks became the product of hackers’ desire to profit from the cybersecurity flaws of LinkedIn. These cases are detrimental to society, as users of various services become exposed to illegal actions. In addition, the public trust in such platforms becomes undermined, providing arguments against progress. This paper aims to investigate the cybersecurity weaknesses of LinkedIn from technological, personal, and policy perspectives.
First of all, cybersecurity is a matter of technological development, as it is related to the concept of progress itself. As hacking tools evolve, so should the cybersecurity infrastructures of platforms that possess large arrays of user data. Ahmed et al. (2019) refer to technological factors as one of the key determinants of the data breach possibility. In other words, if the cybersecurity architecture of service is flawed, hackers can access confidential information with fewer difficulties. According to Tunggal (2021), LinkedIn experienced major data breaches twice, in 2012 and 2021, resulting in millions of users’ data being compromised. This information suggests that the platform was not able to implement the required security infrastructure after the first case. The most recent incident occurred due to the exploitation of the platform’s API. Accordingly, this architecture that aims at establishing the site’s connection to other services was not protected from a skilled hacker. Thus, the lack of a developed cybersecurity infrastructure embedded in the platform’s API reveals the key weakness.
On the other hand, technological aspects of cybersecurity weaknesses do not exist in isolation. Ahmed et al. (2019) mention human factors as another key component of major data breaches. Despite the current progress, cybersecurity infrastructure is built by people, making it subject to errors. If weaknesses are allowed and a data breach occurs, it is essential to draw meaningful conclusions and prevent them from happening again, which was not the case for LinkedIn. Despite a prior major leak, the platform’s team was unable to secure its API, making it susceptible to another cyberattack. In this context, the size of the company may be a major factor at play. In larger companies, it becomes more difficult to control all procedures, whereas employee turnover is higher (Rombaut & Guerry, 2021). Thus, being a giant in its segment, LinkedIn appears to exercise less control over its human resources, including cybersecurity teams.
Finally, the prevention and handling of data breaches put the company’s strategic policy to the ultimate test. In the case of LinkedIn, this factor revealed a sub-optimal level of performance. Tunggal (2021) reports that the company concealed the exact numbers regarding the scale and the scope of the 2012 data leak. Moreover, in 2021, LinkedIn rejected the breach terminology when addressing the matter, claiming that users of the platform have not been compromised (Morris, 2021). The outcomes of the incident suggest otherwise, as the leak exposed hundreds of millions of people who later were harassed by those who obtained their data illegally. Denying all accusations is an ineffective policy for LinkedIn, as it undermines the public’s trust in the platform. In addition, if the company does not acknowledge the breach, it appears unlike to address the matter properly. Therefore, LinkedIn’s policy in this regard should be transformed to reflect the magnitude of the situation.
References
Rombaut, E., & Guerry, M. A. (2021). Determinants of voluntary turnover: A data-driven analysis for blue and white collar workers. Work (early access pre-print), 1-21.
Ahmed, M., Kambam, H. R., Liu, Y., & Uddin, M. N. (2019). Impact of human factors in cloud data breach. In F. Xhafa, S. Patnaik, & M. Tavana (Eds.), Advances in intelligent systems and interactive applications (pp. 568-577). Springer.
Morris, C. (2021). Massive data leak exposes 700 million LinkedIn users’ information. Fortune. Web.
Tunggal, A. T. The 57 biggest data breaches (updated for 2021). UpGuard. Web.