Categories: SecurityWorkspace

LinkedIn Facing Class Action Lawsuit Over Password Breach

A class action lawsuit has been launched against LinkedIn after over 6 million of the social network’s user passwords were stolen and posted online.

The suit is being led by plaintiff Katie Szpyrka, who has alleged LinkedIn failed to properly safeguard users’ personally identifiable information, violating its own user agreement and privacy policy by not using “long-standing industry standard protocols and technology.”

The court filing alleged LinkedIn was using “insufficient encryption methods to secure the user data”, meaning hackers could “easily” decipher a significant number of the passwords. It claimed early reports had indicated an SQL injection attack was used to acquire the passwords, which would again point to weak security practices at LinkedIn.

Salt with your passwords, sir?

The stolen LinkedIn passwords were stored as unsalted SHA-1 hashes, which offers some protection, but many in the security industry see the standard as an inherently insecure one.

Following the breach, LinkedIn announced “a long-planned transition” to a password database system that both hashes and salts the passwords, providing a double-layer of security.

LinkedIn refuted the claims in the court filing, claiming it was inspired by lawyers wanting to exploit the situation.

“We have recently learned that a class action lawsuit has been filed against the company related to the theft of hashed LinkedIn member passwords that were published on an unauthorised website,” a spokesperson told TechWeekEurope.

“No member account has been breached as a result of the incident, and we have no reason to believe that any LinkedIn member has been injured.

“Therefore, it appears that these threats are driven by lawyers looking to take advantage of the situation. We believe these claims are without merit, and we will defend the company vigorously against suits trying to leverage third-party criminal behavior.”

Are you a security lover? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Amazon Boss Denies Return To Office Mandate Is ‘Backdoor Layoff’

CEO Andy Jassy tells Amazon staff that the recent 5-day in-office mandate is not meant…

3 hours ago

Apple Set To Be Fined Under EU’s Tough DMA – Report

Tech giant Apple could be facing another hefty financial penalty, amid a report the EU…

4 hours ago

Serco Tracking Devices On Prison Vans Disabled After Cyberattack

Worrying development. Cyberattack on third party supplier disables tracking systems and panic alarms in Serco…

7 hours ago

UK Orders Chinese Entity To Sell Stake In Scottish Chip Firm FTDI

Chinese owner of Scottish fabless semiconductor firm FTDI ordered to sell majority stake, due to…

9 hours ago

Watchdog Says Vodafone, Three Merger Could Proceed With Certain Remedies

British competition regulator provisionally finds Vodafone, CMA merger can proceed, if 'remedies' on pricing and…

10 hours ago