A LinkedIn user has filed suit against the business for $5 million, claiming the networking site failed its members by not doing enough to protect the 6.5 million passwords that were leaked in a recent hack attack.
The bone of contention picked by the lawsuit is that LinkedIn only protected passwords with a form of security called “hashes,” instead of also “salting” them, another kind of security, reports the Los Angeles Times.
“Industry standards require at least the additional process of adding ‘salt’ to a password before running it through a hashing function,” the lawsuit claims. “This procedure drastically increases the difficult of deciphering the resulting encrypted password.”
A LinkedIn spokeswoman says that none of its users’ accounts were breached as a result of the hack attack.
“Therefore, it appears that these threats are driven by lawyers looking to take advantage of the situation,” she said in an email statement. “We believe these claims are without merit, and we will defend the company vigorously against suits trying to leverage third-party criminal behavior.”
After the attack, LinkedIn announced it would now be salting its users’ passwords.
LinkedIn sued for $5 million for security breach [Chicago Tribune]