LinkedIn Sued For $5 Million For Failing To Protect Passwords During Breach

A LinkedIn user has filed suit against the business for $5 million, claiming the networking site failed its members by not doing enough to protect the 6.5 million passwords that were leaked in a recent hack attack.

The lawsuit seeks class action status, and was filed by an Illinois woman who says LinkedIn royally messed up when it came to safeguarding its users’ passwords. The suit claims the business social network failed its privacy policy, which says it will protect its 160 million users’ passwords with industry-standard protocols and technology.

The bone of contention picked by the lawsuit is that LinkedIn only protected passwords with a form of security called “hashes,” instead of also “salting” them, another kind of security, reports the Los Angeles Times.

“Industry standards require at least the additional process of adding ‘salt’ to a password before running it through a hashing function,” the lawsuit claims. “This procedure drastically increases the difficult of deciphering the resulting encrypted password.”

A LinkedIn spokeswoman says that none of its users’ accounts were breached as a result of the hack attack.

“Therefore, it appears that these threats are driven by lawyers looking to take advantage of the situation,” she said in an email statement. “We believe these claims are without merit, and we will defend the company vigorously against suits trying to leverage third-party criminal behavior.”

After the attack, LinkedIn announced it would now be salting its users’ passwords.

LinkedIn sued for $5 million for security breach [Chicago Tribune]