A class action lawsuit has been launched against LinkedIn after over 6 million of the social network’s user passwords were stolen and posted online.
The suit is being led by plaintiff Katie Szpyrka, who has alleged LinkedIn failed to properly safeguard users’ personally identifiable information, violating its own user agreement and privacy policy by not using “long-standing industry standard protocols and technology.”
The court filing alleged LinkedIn was using “insufficient encryption methods to secure the user data”, meaning hackers could “easily” decipher a significant number of the passwords. It claimed early reports had indicated an SQL injection attack was used to acquire the passwords, which would again point to weak security practices at LinkedIn.
The stolen LinkedIn passwords were stored as unsalted SHA-1 hashes, which offers some protection, but many in the security industry see the standard as an inherently insecure one.
Following the breach, LinkedIn announced “a long-planned transition” to a password database system that both hashes and salts the passwords, providing a double-layer of security.
LinkedIn refuted the claims in the court filing, claiming it was inspired by lawyers wanting to exploit the situation.
“We have recently learned that a class action lawsuit has been filed against the company related to the theft of hashed LinkedIn member passwords that were published on an unauthorised website,” a spokesperson told TechWeekEurope.
“No member account has been breached as a result of the incident, and we have no reason to believe that any LinkedIn member has been injured.
“Therefore, it appears that these threats are driven by lawyers looking to take advantage of the situation. We believe these claims are without merit, and we will defend the company vigorously against suits trying to leverage third-party criminal behavior.”
Are you a security lover? Try our quiz!
Investor appeasement? Apple unveils huge $110 billion share buyback program, as sales of iPhone decline…
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
New chapter for LastPass as it becomes an independent company to focus on cybersecurity, after…
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…