LinkedIn Breach Leads to $5M Class Action Lawsuit
A LinkedIn user affected by the massive 6.46 million password breach is spearheading a class action lawsuit against the company for allegedly violating their own user agreement and privacy policy.
Katie Szpyrka, a LinkedIn user since 2010, claimed that the company “failed to properly safeguard its users’ digitally stored personally identifiable information including email addresses, passwords, and login credentials.”
Earlier this month, it was reported that a hacker bragged in a Russian forum that he acquired millions of LinkedIn passwords. Though LinkedIn did not verify the breach at first, they urged users to change their passwords as a precautionary measure.
A representative from LinkedIn stated that there is no basis for any lawsuits against the company since the breach did not affect any member accounts nor did it result to any damages to the users.
“No member account has been breached as a result of the incident, and we have no reason to believe that any LinkedIn member has been injured,” said Erin O’Harra, a public relations associate with LinkedIn. “Therefore, it appears that these threats are driven by lawyers looking to take advantage of the situation. We believe these claims are without merit, and we will defend the company vigorously against suits trying to leverage third-party criminal behavior.”
Szpyrka, who pays $26.95 per month for a premium LinkedIn account, stated in her filing that LinkedIn used a weak encryption format that left open millions of passwords ready for the picking. She also noted that the company failed to “salt” – add dimensions to their hash to make it difficult to uncover protected data, their hash which resulted in their weakened security.
The suit also pointed out that the hacker/s used SQL injection attacks, which used Web sites to gain access to databases, meaning LinkedIn did not comply with the National Institute of Standards and Technology checklists as common guidance for avoiding SQL injection attacks.
Another thing mentioned in the lawsuit was LinkedIn’s failure to publicize the incident, and it wasn’t until third parties reported the breach that they admitted to it.
The class action lawsuit is claiming $5 million in damages for the password breach.
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
