Advertisement
 
YOU ARE HERE: LAT HomeCollectionsLawsuit

LinkedIn sued for $5 million for security breach

June 21, 2012|By Salvador Rodriguez
  • LinkedIn has been sued by an Illinois woman for $5 million after its security breach earlier this month.
LinkedIn has been sued by an Illinois woman for $5 million after its security… (Paul Sakuma / Associated…)

After being attacked by a hacker who stole 6.5 million of its passwords, LinkedIn is now being sued by one of its users for $5 million.

The lawsuit was filed on Friday in U.S. District Court in Northern California by an Illinois woman named Katie Szpyrka who in the lawsuit says LinkedIn failed to safeguard its users passwords.

The lawsuit, which seeks class-action status, says LinkedIn did not meet its privacy policy, which states that the business social network protects its 160-million users' information with industry-standard protocols and technology.

But the lawsuit says the passwords stolen by LinkedIn were only protected by hashes — a form of password security — and weren't also salted — which is another form of password security typically used on top of hashing.

“Industry standards require at least the additional process of adding 'salt' to a password before running it through a hashing function,” the lawsuit claims according to eWeek. “This procedure drastically increases the difficult of deciphering the resulting encrypted password."

Erin O'Harra, a spokeswoman for LinkedIn, said the company has not found that any of its users' accounts were actually breached as a result of the attack.

"Therefore, it appears that these threats are driven by lawyers looking to take advantage of the situation," O'Harra said in an email statement. "We believe these claims are without merit, and we will defend the company vigorously against suits trying to leverage third-party criminal behavior."

The suit was filed about a week and half after LinkedIn confirmed the attack. The company on June 6 began looking into reports that a hacker had dumped a list containing 6.5 million of its users' passwords and later confirmed that they had in fact been stolen.

LinkedIn had to force its affected users as well as some other users they suspected may have also been compromised to change their passwords.

Following the attack, LinkedIn announced that it would now be salting its passwords.

RELATED:

Like LinkedIn, eHarmony is hacked; 1.5 million passwords stolen

LinkedIn confirms passwords were compromised

LinkedIn working with FBI to investigate hacking

Follow Salvador Rodriguez on Facebook, Twitter or Google+

Advertisement
Los Angeles Times Articles
|
|
|