An Illinois woman has slapped the popular business networking website with a $5 million lawsuit.
You may recall that, at the beginning of June, a security breach led to about 6.5 million LinkedIn passwords being stolen and posted online.
LinkedIn quickly confirmed and apologized for the security breach while millions of its members rushed online to change their passwords.
Szpyrka’s lawsuit accuses the company of “failing to properly safeguard its users’ digitally stored personally identifiable information” and also of “failing to utilize long-standing industry standard protocols and technology” to protect its users.
Szpyrka, who pays $26.95 per month for a premium LinkedIn account, says the website used an inferior encryption process whereby it failed to “salt” users’ passwords before storing them. Salting passwords makes them harder to crack.
Sure enough, on June 12, six days after the password fiasco, LinkedIn issued a statement saying it had added tougher security measures for its users, explaining that it had completed a “long-planned transition” to a new security system “salts” passwords.
LinkedIn spokesperson Erin O’Harra says the company is prepared to defend itself against the claims. In an email, she said that the allegations as “without merit.”
“No member account has been breached as a result of the incident, and we have no reason to believe that any LinkedIn member has been injured,” she said. “Therefore, it appears that these threats are driven by lawyers looking to take advantage of the situation.”
Included in the new class action lawsuit are U.S.-based users who had a LinkedIn account on or before June 6.
- LinkedIn password leak: Illinois woman files lawsuit over incident (shortformblog.com)
- LinkedIn hit with class action suit following password leak (net-security.org)
- LinkedIn getting sued for $5 million over the security breach (buzzom.com)