I was on Twitter earlier and saw a few tweets from CK, asking some very common sense questions. Basically, she wanted to know why LinkedIn wasn’t making its users more aware of what happened with the recent security breach that resulted in millions of passwords from LinkedIn members being stolen, and also what LinkedIn was doing to correct the problem.
She’s exactly right. This morning, LinkedIn finally verified the security breach via a post on its blog. But if you go to LinkedIn’s site, there’s no mention of the issue (that I can see). So far there’s been no communication from LinkedIn to its members (LinkedIn has said it’s emailed the affected users to let them know to change their passwords).
But if LinkedIn can address the situation on its blog, why can’t it email its members to let them know what’s happening? This is Crisis Management 101: When there’s an issue like this, you communicate as soon as possible to those affected (hint: It’s ALL your members, not those with stolen passwords only), and let them know what has happened, and what steps are being taken to address and correct the situation.
Because if you don’t, you are sending a very bad message to your members. You are telling us that you only send us emails when it’s important, like when you want us to upgrade to a premium account, or update our profile, or connect our email address book to our account. But when it comes to our security, well that’s not important enough to warrant a ‘personal’ email. As a result, we are finding out about this mess via the press, instead of via LinkedIn. See? In a crisis situation, we WILL find out the rest of the story, you can either tell us yourself in a proactive manner, or we’ll find out from other sources.
Trust is very hard to win, and incredibly easy to lose. Because of how LinkedIn has handled this situation, they are communicating to me that the site places its own self-interests above mine (all companies do, but don’t make it so obvious!). And to be fair, I totally get needing to do an internal investigation and understand exactly what the situation is before you comment publicly. My point is LinkedIn has ALREADY commented, on its blog. Guess what…not all of its members read its blog. If the company can email us with self-promotions, why can’t it email us to alert us to a situation that could affect our membership, and our online security.
There’s no reason why they can’t. And the fact that they are not speaks volumes.