"The Senate Cybersecurity Bill: A Start, But Not an Answer" on the Truman National Security Project
Wednesday, July 18, 2012 at 04:30PM

It has become a depressing but now familiar pattern: in the space of a week, reports surfaced both that LinkedIn’s mobile app scraped information from users’ mobile devices and stored it on LinkedIn’s servers—without informing its users of the practice—and that LinkedIn user passwords had been broken and stolen by hackers, because LinkedIn had only lightly encrypted and poorly defended the data. To make matters worse, like many of the similar breaches of recent years, these weren’t discovered or disclosed by LinkedIn but by private security researchers.
There are a number of concerns here, but one of the biggest is that for many workers today LinkedIn has become part of their “critical infrastructure”. It’s used for business development and networking to such a level that it’s unthinkable to remove yourself from the system—even if LinkedIn can’t keep your data safe. And without the pressure of losing users, LinkedIn may have little financial incentive to clean up its security practices. Which leaves users in the position of having to trust that LinkedIn will learn from its mistakes—a pretty shaky proposition given recent events.
Read the full post on the Truman National Security Project blog.
Richard U Wheeler