We wondered how long it would be before a LinkedIn-related lawsuit popped up following its recent security breach, and we now have the answer: about nine days.
Szpyrka’s action accuses the company of “failing to properly safeguard its users’ digitally stored personally identifiable information” and also of “failing to utilize long-standing industry standard protocols and technology” to protect users.
Szpyrka, who pays a monthly fee of $26.95 for a premium LinkedIn account, says the networking site used an alarmingly weak encryption format whereby it failed to ‘salt’ the passwords before storing them. Put simply, salting passwords adds another layer of security, making them more difficult for hackers to crack.
It looks like Szpyrka might have a point. On June 12, six days after the breach came to light, LinkedIn issued a statement saying it had added improved security measures for its users, explaining that it had completed a “long-planned transition” to a new security system — a system that salts passwords.
According to LinkedIn spokesperson Erin O’Harra, the company is more than ready to defend itself against any claims. In an email to Cnet on Tuesday, she described the allegations as “without merit.”
“No member account has been breached as a result of the incident, and we have no reason to believe that any LinkedIn member has been injured,” she said. “Therefore, it appears that these threats are driven by lawyers looking to take advantage of the situation.”
Included in the lawsuit are US-based users of the site who had an account with LinkedIn on or before June 6.
- Attacker stole user data from Reddit through employee accounts
- 92 million accounts at DNA testing service MyHeritage have been hacked
- Firefox’s new Monitor service will let you know if you’ve been hacked
- Timehop data breach may have compromised 21 million email addresses
- Documents show Apple knew the iPhone 6 range would bend