An Illinois woman is organizing a class action lawsuit against professional social networking site LinkedIn, arguing that the site failed to meet “industry standard” security practices with regard to a recent data breach that resulted in 8 million LinkedIn user passwords being leaked.
Though LinkedIn said that only a “small subset of the hashed passwords was decoded and published,” security site Sophos said the share of LinkedIn passwords that have been cracked is actually closer to 60 percent.
Katie Szpyrka, who has been a LinkedIn member since 2010, said LinkedIn “failed to properly safeguard its users’ digitally stored personally identifiable information including email addresses, passwords, and login credentials.”
She filed the suit in United States District Court in the Northern District of California. She is now requesting a jury trial on claims of breach of contract and negligence.
Reports have cited a statement by LinkedIn which called Szpyrka’s lawsuit “without merit” and “driven by lawyers looking to take advantage of the situation.” It added that it would defend itself “vigorously.”
In the suit, Szpyrka said that although she pays $26.95 per month for a premium LinkedIn account, LinkedIn has not complied with basic industry standards because it used a weak encryption format.
LinkedIn said it used the SHA-1 algorithm to hash passwords, but experts said that the company neglected to “salt” the hashes, a step that makes it more difficult to recover the protected data from a hash.
In the court documents, Szpyrka said that the users in the class action group include individuals and entities in the United States who had a LinkedIn account on or before June 6, 2012.
The suit mentions that LinkedIn did not salt the passwords before storing them, relied on an outmoded hashing format to store passwords, and did not adhere to “basic security checklists” supplied by the US National Institute of Standards.