LinkedIn Facing Class Action Lawsuit For Security Breach, Stolen Passwords
Well, it was only a matter of time before this happened.
An Illinois woman is launching a class action lawsuit against LinkedIn over the recent security breach which saw millions of passwords stolen.
The company was forced to admit two weeks ago that as many as six million passwords had been pinched and leaked online; the figure was later raised to eight million.
And, says lead plaintiff Katie Szpyrka, the breach occurred because LinkedIn failed to encrypt personal information such as email addresses and passwords, and stored them using an outdated hashing function.
Published back in 1995 by the National Security Agency, SHA1 was used here in unsalted form: the stored hashes did not include a 'salt', a random value assigned to each piece of data before it is input to the hash function.
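To make the salting point concrete, here is an added example (not part of the complaint and not LinkedIn's code). The user names, passwords, function names and iteration count are constructed for illustration, and PBKDF2 stands in as one salted, deliberately slow alternative. It shows that unsalted SHA1 stores identical values for identical passwords, while a per-user random salt does not.

```python
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 200_000  # assumption: example work factor, tune for your hardware

def unsalted_sha1(password: str) -> str:
    """The format the article describes: a bare SHA1 digest with no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def hash_password(password: str, salt: Optional[bytes] = None):
    """Salted, slow hash. Returns (salt, derived_key); both are stored per user."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every stored password
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, PBKDF2_ITERATIONS)
    return salt, key

def verify_password(password: str, salt: bytes, expected_key: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected_key)

def shared_password_groups(stored: dict) -> list:
    """Group users whose stored values are identical (i.e. visibly shared passwords)."""
    by_value = {}
    for user, value in stored.items():
        by_value.setdefault(value, []).append(user)
    return sorted(sorted(users) for users in by_value.values() if len(users) > 1)

# Constructed sample data: two users happen to pick the same password.
SAMPLE_USERS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "Tr0ub4dor&3"}

def build_tables(users: dict):
    """Return (unsalted_table, salted_table) as they would sit in a database."""
    unsalted = {u: unsalted_sha1(p) for u, p in users.items()}
    salted = {u: hash_password(p) for u, p in users.items()}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_tables(SAMPLE_USERS)
    # Unsalted: alice and bob collide, so one guess covers both rows.
    print("unsalted duplicates:", shared_password_groups(unsalted))
    # Salted: every row differs even though two passwords are equal.
    print("salted duplicates:  ", shared_password_groups(salted))
```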
"LinkedIn's failure to comply with long standing industry standard encryption protocols jeopardized its users' PII, and diminished the value of the services provided by defendant - as guaranteed by its own contractual terms," reads the complaint.
The lawsuit is accusing LinkedIn of negligence and failing to properly encrypt user data.
Personally, I think this lawsuit is just a way for folks to make some money off of LinkedIn's security breach. LinkedIn may not have been able to recover those stolen passwords, but no one's account was breached as a result, and LinkedIn has implemented proper encrypting procedures. There's really not much more a lawsuit can do other than make LinkedIn pay a heavy fine.
That being said, LinkedIn's not completely off the hook here. There is no reason that a site, especially a "professional" social networking site like LinkedIn, shouldn't have proper security measures to protect its users. This whole mess never should have happened, and it's unfortunate that it took such a catastrophic breach in security for LinkedIn to get their act together.