A class action lawsuit has been launched against LinkedIn after over 6 million of the social network’s user passwords were stolen and posted online.
The suit is being led by plaintiff Katie Szpyrka, who has alleged LinkedIn failed to properly safeguard users’ personally identifiable information, violating its own user agreement and privacy policy by not using “long-standing industry standard protocols and technology.”
The court filing alleged LinkedIn was using “insufficient encryption methods to secure the user data”, meaning hackers could “easily” decipher a significant number of the passwords. It claimed early reports had indicated an SQL injection attack was used to acquire the passwords, which would again point to weak security practices at LinkedIn.
The stolen LinkedIn passwords were stored as unsalted SHA-1 hashes, which offers some protection, but many in the security industry see the standard as an inherently insecure one.
Following the breach, LinkedIn announced “a long-planned transition” to a password database system that both hashes and salts the passwords, providing a double-layer of security.
LinkedIn refuted the claims in the court filing, claiming it was inspired by lawyers wanting to exploit the situation.
“We have recently learned that a class action lawsuit has been filed against the company related to the theft of hashed LinkedIn member passwords that were published on an unauthorised website,” a spokesperson told TechWeekEurope.
“No member account has been breached as a result of the incident, and we have no reason to believe that any LinkedIn member has been injured.
“Therefore, it appears that these threats are driven by lawyers looking to take advantage of the situation. We believe these claims are without merit, and we will defend the company vigorously against suits trying to leverage third-party criminal behavior.”
Are you a security lover? Try our quiz!
CEO Andy Jassy tells Amazon staff that the recent 5-day in-office mandate is not meant…
Tech giant Apple could be facing another hefty financial penalty, amid a report the EU…
Victory of Donald Trump in the US Presidential election and the potential implications for the…
Worrying development. Cyberattack on third party supplier disables tracking systems and panic alarms in Serco…
Chinese owner of Scottish fabless semiconductor firm FTDI ordered to sell majority stake, due to…
British competition regulator provisionally finds Vodafone, CMA merger can proceed, if 'remedies' on pricing and…