$5 Million Class Action Suit Filed Against LinkedIn Over Security Breach

An Illinois woman is organizing a class action lawsuit against professional social networking site LinkedIn, arguing that the site failed to meet “industry standard” security practices with regard to a recent data breach that resulted in 8 million LinkedIn user passwords being leaked.

Though LinkedIn said that only a “small subset of the hashed passwords was decoded and published,” security site Sophos said the proportion of decrypted LinkedIn passwords is actually closer to 60 percent.

Last year, a security analyst reported that LinkedIn is open to security flaws that could potentially allow hackers to breach users’ accounts without the need for their passwords.

Katie Szpyrka, who has been a LinkedIn member since 2010, said LinkedIn “failed to properly safeguard its users’ digitally stored personally identifiable information including email addresses, passwords, and login credentials.”

She filed the suit in United States District Court in the Northern District of California. She is now requesting a jury trial on grounds of breach of contract and negligence.

Reports have cited a statement by LinkedIn which called Szpyrka’s lawsuit “without merit” and “driven by lawyers looking to take advantage of the situation.” It added that it would defend itself “vigorously.”

In the suit, Szpyrka said that despite paying $26.95 per month for a premium LinkedIn account, LinkedIn has not complied with basic industry standards by using a weak encryption format.

LinkedIn said it used the SHA-1 algorithm to hash passwords, but experts said that the company neglected to “salt” the hashes, a step that makes it more difficult to recover the protected data from a hash.

In the court documents, Szpyrka said that the users in the class action group include individuals and entities in the United States who had a LinkedIn account on or before June 6, 2012.

The suit mentions that LinkedIn did not salt the passwords before storing them, relied on an outmoded hashing format to store passwords, and did not adhere to “basic security checklists” supplied by the US National Institute of Standards.

Talk Back: Do you think there is any validity to this class action suit against LinkedIn? Were you one of the many individuals affected by the LinkedIn security breach? Let us know in the comments.

One Comment

  1. KO

    I would agree with what LinkedIn said in response to this gold-digging attorney's statement. Greedy attorneys, looking to take advantage of the situation. I guess everyone should get a piece of Sony's profits since PlayStation was hacked. Same for Global Payment Systems and countless others that don't even reach the media. What a b----