LinkedIn hit with class action suit following password leak
Posted on 21 June 2012.
It seems that LinkedIn can't catch a break these days.

Following the discovery that its mobile app for iOS devices is sending potentially confidential information to the company's servers without the users' knowledge, the leak of 6.5 million of its users' passwords, and the poor job it did of keeping users informed about the situation and the likely consequences, the company has been hit with a class action lawsuit.

The suit is led by Illinois resident Katie Szpyrka, who has been a LinkedIn customer since 2010 and has been paying $26 a month for a premium account.

In the lawsuit, she alleges that LinkedIn violated its own privacy policy when it failed to salt the hashed passwords before storing them, thus making the attackers' job much easier.

"LinkedIn failed to use a modern hashing and salting function, and therefore drastically exacerbated the consequences of a hacker by bypassing its outer layer of security. In so doing, defendant violated its privacy policy's promise to comply with industry standard protocols and technology for data security," it says in the complaint.

"That LinkedIn did not recognize its databases had been compromised until it was informed through public channels provides further evidence that the company didn't adhere to industry standards. Specifically, LinkedIn did not implement, or it poorly implemented, an intrusion detection system to properly identify and quickly respond to attacks on its servers."

Szpyrka also claims that the professional social network failed to warn the users about the breach adequately and in time. When the warning emails were finally sent, half a million of them either never reached the users, as they were flagged by anti-spam filters, or were ignored by the users themselves as there were no obvious signs that the emails were legitimate.

According to ThreatPost, LinkedIn spokeswoman Erin O'Harra said the lawsuit is "without merit", pointed out that no member account has been breached as a result of the incident, and said that the company will defend itself "vigorously".

Szpyrka is asking for $5 million or more in damages.

