First Lawsuit against LinkedIn Security Breach Filed
The LinkedIn security breach saga has taken a new turn as a lawsuit was filed against the company on June 18. The potential class action suit accuses the professional social network of not following industry standards in their security practices. This security lapse has been pin pointed as the reason for the breach and users passwords ending up online.
Hackers were able to access passwords for 6.5 million LinkedIn users and posted the data on a Russian forum on June 6.
The news spread quickly online and the company posted a delayed confirmation at the end of the day. In the following days many users were unsatisfied with LinkedIn’s response time and information they were giving out. Many thought that the company was not forthcoming about how bad the security breach had been.
LinkedIn stated that their investigation had shown that the security breach had not been beyond the passwords and they asked users to change their passwords immediately.
Further details have emerged to exactly what vulnerability existed in LinkedIn’s security protocol. It has been reported that LinkedIn encrypted the passwords of users saved in their database also known as a hashed format. However, they did not “salt” them like other website o. “Salting” is basically adding additional characters to make the encrypted data more difficult to crack. Since this extra layer of security was not added hackers were able to decrypt the passwords.
The lawsuit was filed by Katie Szpyrka who is a subscriber of the service. The filing has asked the case to be given a class action status so that other users will fall under it. The suit claims that LinkedIn did not use “long standing industry standard encryption protocols,” which lefts its user’s personal information vulnerable. The suit further claims that LinkedIn misled users by letting them thing that it was using industry standard security measures to protect data.
LinkedIn has responded by saying the case is “without merit.” The company is ready to defend itself and think the whole situation is being pushed by lawyers looking for a settlement.