LinkedIn faces $5 million class-action lawsuit over password breach

A LinkedIn spokesperson said the lawsuit was without merit and was the result of “lawyers looking to take advantage” of the breach

In early June, LinkedIn admitted that 6.5 million hashed passwords had been stolen from its database after reports of the passwords being posted on a Russian hacker site.

Szpyrka’s complaint alleged that LinkedIn failed to use a combination of hashing and salting to secure user passwords, resulting in the exposure of passwords to hackers.

“LinkedIn violated its own User Agreement and Privacy Policy by failing to utilize long-standing industry standard protocols and technology to protect Plaintiff and the Class members’ PII [personally identifiable information]”, the complaint alleged.

“LinkedIn failed to use a modern hashing and salting function, and therefore drastically exacerbated the consequences of a hacker bypassing its outer layer of security”, the plaintiff's petition added.

The complaint also charged that LinkedIn delayed notifying users of the breach. “Only after third party observers publicly announced the origin of the password list did LinkedIn become aware that its security had been breached and that confidential information had been removed.”

A LinkedIn spokeswoman told Reuters that the lawsuit was without merit and was the result of “lawyers looking to take advantage” of the breach. “No member account has been breached as a result of the incident, and we have no reason to believe that any LinkedIn member has been injured”, she said.
