LinkedIn lawsuit: Following security breach, company hit with $5m suit

We wondered how long it would be before a LinkedIn-related lawsuit popped up following its recent security breach, and we now have the answer: about nine days.

Illinois resident Katie Szpyrka filed a $5 million class action lawsuit against LinkedIn in the US District Court in the Northern District of California on June 15, claiming the business-oriented social networking site violated its own user agreement and privacy policy. The move comes in relation to a security breach around June 6 when LinkedIn admitted that encrypted passwords belonging to some 6.5 million of its 160 million users had been stolen and posted on the web.

Szpyrka’s action accuses the company of “failing to properly safeguard its users’ digitally stored personally identifiable information” and also of “failing to utilize long-standing industry standard protocols and technology” to protect users.

Szpyrka, who pays a monthly fee of $26.95 for a premium LinkedIn account, says the networking site used an alarmingly weak encryption format whereby it failed to ‘salt’ the passwords before storing them. Put simply, salting passwords adds another layer of security, making them more difficult for hackers to crack.

It looks like Szpyrka might have a point. On June 12, six days after the breach came to light, LinkedIn issued a statement saying it had added improved security measures for its users, explaining that it had completed a “long-planned transition” to a new security system — a system that salts passwords.
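What salting changes in a stored password table, shown as an added example that is not LinkedIn's code. The article does not name the hash function involved, so SHA-256, PBKDF2, the iteration count and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts; two of them happen to share a password.
USERS = {"alice": "Summer2012!", "bob": "Summer2012!", "carol": "c0rrect-horse"}
ITERATIONS = 200_000  # assumed PBKDF2 work factor, tune for your hardware


def unsalted_record(password):
    """Bare digest: the same password always yields the same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password, salt=None):
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    return hmac.compare_digest(salted_record(password, salt)[1], expected)


def accounts_sharing_a_value(table):
    """How many accounts store a value that another account also stores."""
    counts = Counter(table.values())
    return sum(n for n in counts.values() if n > 1)


def build_tables(users=USERS):
    unsalted = {name: unsalted_record(pw) for name, pw in users.items()}
    salted = {name: salted_record(pw) for name, pw in users.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_tables()
    print("unsalted, accounts sharing a stored value:", accounts_sharing_a_value(unsalted))
    print("salted,   accounts sharing a stored value:", accounts_sharing_a_value(salted))
    print("login check still works:", verify("Summer2012!", salted["alice"]))
```

Without a salt, identical passwords collapse to one stored value, so a leaked table reveals which accounts share a password and a single recovered digest exposes all of them. With per-user salts every record is distinct and has to be worked on separately.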

According to LinkedIn spokesperson Erin O’Harra, the company is more than ready to defend itself against any claims. In an email to Cnet on Tuesday, she described the allegations as “without merit.”

“No member account has been breached as a result of the incident, and we have no reason to believe that any LinkedIn member has been injured,” she said. “Therefore, it appears that these threats are driven by lawyers looking to take advantage of the situation.”

Included in the lawsuit are US-based users of the site who had an account with LinkedIn on or before June 6.

[Source: ZDNet, Cnet]
