LinkedIn hit with $5 million class action suit

An Illinois woman who claims LinkedIn violated its own user agreement and privacy policy is spearheading a class action lawsuit against the business-networking site in the wake of the recent loss of private data to hackers.

Katie Szpyrka, a registered LinkedIn account holder since 2010, claims the company “failed to properly safeguard its users’ digitally stored personally identifiable information including email addresses, passwords, and login credentials.”

Szpyrka, who filed the suit in United States District Court in the Northern District of California, is demanding a jury trial on grounds including breach of contract and negligence.

She says the users in the class action group include individuals and entities in the United States who had a LinkedIn account on or before June 6, 2012, including those who paid for an upgraded account.

Two weeks ago, LinkedIn reported that Russian hackers had stolen nearly 6.5 million passwords. Users, who are prone to reuse passwords across different web sites, were urged to change their passwords. With more than 150 million users, the password theft involved less than 5% of LinkedIn’s user base.

In the suit, Szpyrka, who pays $26.95 per month for a premium LinkedIn account, says LinkedIn’s privacy policy promises users that all the information they provide will be protected with industry standards and technology.

She says LinkedIn failed to comply with basic industry standards by using a weak encryption format. The company had hashed passwords with the SHA-1 algorithm, but according to experts the fact that the company neglected to “salt” the hash weakened the security.

The suit specifically points out that LinkedIn failed to salt the passwords before storing them. The salt adds a dimension to the hash that makes it more difficult to uncover the protected data.
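An added example, not taken from the article or the suit, showing why the missing salt matters: with bare SHA-1, users who share a password share a digest, so one guess or one precomputed table entry exposes all of them. The sample accounts are constructed, and the salted variant uses PBKDF2-HMAC-SHA256 with an assumed iteration count, a choice made for this example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample accounts (not real data); two users share a password.
USERS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "S3cure!pass"}
ITERATIONS = 100_000  # assumed work factor for this example


def unsalted_sha1(password: str) -> str:
    """The weak scheme the suit describes: a bare SHA-1 digest, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hardened form: a random per-user salt fed into a slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, expected)


def compare_schemes() -> Tuple[int, int]:
    """Return the number of distinct stored values under each scheme."""
    weak = {unsalted_sha1(pw) for pw in USERS.values()}
    strong = {salted_hash(pw) for pw in USERS.values()}
    return len(weak), len(strong)


if __name__ == "__main__":
    weak, strong = compare_schemes()
    # Three users, but only two unsalted digests: alice and bob collide.
    print(f"distinct unsalted digests: {weak}")
    # With per-user salts every stored record is unique.
    print(f"distinct salted records:   {strong}")
```
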

The suit also references preliminary reports that said hackers used an SQL injection attack, which lets hackers access databases via a Web site.

SQL injection attacks have been one of the most common forms of attack dating back to 2007. The first attacks date back to 2005. The suit cites National Institute of Standards and Technology checklists as common guidance for avoiding SQL injection attacks.

The suit also faults LinkedIn for not publicizing the attack and says it only came to light after it was announced by third parties. The suit claims the company later admitted it “was not handling user data in accordance with best practices.”

The suit claims that damages are in excess of $5 million.

About the Author: Ifeanyi Emeka is the founder of Tech Forked. He is passionate about tech stuff and loves customizing blogger themes.
