LinkedIn users want $5m for data breach

By Marcos Colon on Jun 21, 2012 8:10 AM
Filed under Security

Band together in lawsuit.

A class-action lawsuit has been filed against LinkedIn over the June 6 data breach that resulted in the theft of nearly 6.5 million passwords.

The plaintiff, Katie Szpyrka, a premium LinkedIn user, is seeking more than $US5 million in damages for the class.

While LinkedIn's privacy policy promises its users that their information is secured through “industry standards, protocols and technology,” the company failed to implement “crucial security measures," according to the complaint.

“Because LinkedIn used insufficient encryption methods to secure the user data, hackers were able to easily decipher a large number of the passwords,” according to the lawsuit.

Following the breach, the social networking site said it used SHA-1 as its encryption method, a hashing function created by the National Security Agency in 1995, but considered to be outdated by security professionals.

In addition, the company did not salt user passwords, a method which randomly appends a string of characters in each password, thus adding an extra layer of security and making the data more difficult for attackers to decrypt.

Since the exposure, LinkedIn announced in a blog post that it has bolstered its security efforts, which includes salting user passwords. However, in the complaint the plaintiff argued that the company's updates are “too little, too late.”

Erin O'Harra, a spokeswoman for LinkedIn, said the company recently became aware of the lawsuit, but has no reason to believe any users of the website were "injured" by the breach.

“It appears that these threats are driven by lawyers looking to take advantage of the situation,” O'Harra said. “We believe these claims are without merit, and we will defend the company vigorously against suits trying to leverage third-party criminal behavior.”

Szpyrka's attorney, Sean Reis with Edelson McGuire, could not be reached for comment.

Lawsuits that follow breaches are common, but often face a difficult climb for plaintiffs, unless they able to prove financial harm.

This article originally appeared at scmagazineus.com

 
Follow us on Facebook and Twitter
 

Copyright © SC Magazine, US edition

LinkedIn users want $5m for data breach
Tags
 
 
 
 
 
Top Stories
MYOB and Xero locked in a bitter cloud war
Financials show Xero holds cloud dominance but MYOB gaining ground.
 
Larger Apple iPhones delayed after record orders
Craigslist ad demands $10,000 for phone.
 
Google is giving $100k to new data centre users
Freebie offer for startups should win cloud market share.
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Polls
My business strategy is to:

Latest Comments
CRN Magazine

Issue: 330 | August 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.