LinkedIn Breach Leads to $5M Class Action Lawsuit
A LinkedIn user affected by the massive 6.46 million password breach is spearheading a class action lawsuit against the company for allegedly violating their own user agreement and privacy policy.
Katie Szpyrka, a LinkedIn user since 2010, claimed that the company “failed to properly safeguard its users’ digitally stored personally identifiable information including email addresses, passwords, and login credentials.”
Earlier this month, it was reported that a hacker bragged in a Russian forum that he acquired millions of LinkedIn passwords. Though LinkedIn did not verify the breach at first, they urged users to change their passwords as a precautionary measure.
A representative from LinkedIn stated that there is no basis for any lawsuits against the company, since the breach did not affect any member accounts, nor did it result in any damages to users.
“No member account has been breached as a result of the incident, and we have no reason to believe that any LinkedIn member has been injured,” said Erin O’Harra, a public relations associate with LinkedIn. “Therefore, it appears that these threats are driven by lawyers looking to take advantage of the situation. We believe these claims are without merit, and we will defend the company vigorously against suits trying to leverage third-party criminal behavior.”
Szpyrka, who pays $26.95 per month for a premium LinkedIn account, stated in her filing that LinkedIn used a weak encryption format that left millions of passwords ripe for the picking. She also noted that the company failed to “salt” its hashes (add dimensions to the hash to make it difficult to uncover protected data), which resulted in weakened security.
The suit also pointed out that the hacker or hackers used SQL injection attacks, which use websites to gain access to databases, meaning LinkedIn did not comply with the National Institute of Standards and Technology checklists that serve as common guidance for avoiding SQL injection attacks.
The lawsuit also mentioned LinkedIn’s failure to publicize the incident: it wasn’t until third parties reported the breach that the company admitted to it.
The class action lawsuit is claiming $5 million in damages for the password breach.