We wondered how long it would be before a LinkedIn-related lawsuit popped up following its recent security breach, and we now have the answer: about nine days.
Szpyrka’s action accuses the company of “failing to properly safeguard its users’ digitally stored personally identifiable information” and also of “failing to utilize long-standing industry standard protocols and technology” to protect users.
Szpyrka, who pays a monthly fee of $26.95 for a premium LinkedIn account, says the networking site used an alarmingly weak encryption format whereby it failed to ‘salt’ the passwords before storing them. Put simply, salting passwords adds another layer of security, making them more difficult for hackers to crack.
It looks like Szpyrka might have a point. On June 12, six days after the breach came to light, LinkedIn issued a statement saying it had added improved security measures for its users, explaining that it had completed a “long-planned transition” to a new security system — a system that salts passwords.
According to LinkedIn spokesperson Erin O’Harra, the company is more than ready to defend itself against any claims. In an email to Cnet on Tuesday, she described the allegations as “without merit.”
“No member account has been breached as a result of the incident, and we have no reason to believe that any LinkedIn member has been injured,” she said. “Therefore, it appears that these threats are driven by lawyers looking to take advantage of the situation.”
Included in the lawsuit are US-based users of the site who had an account with LinkedIn on or before June 6.
- Everything you need to know about the performance dip on your iPhone
- Companies are sorry about security flaws. Just not sorry enough to change
- Localblox data breach is the latest nightmare for Facebook, LinkedIn
- Ransomware shifts focus from holding passwords hostage to hijacking your PC
- The best password managers for protecting your data online