View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

LinkedIn facing $5m lawsuit over password hack

Site says claims are without merit and will fight the allegations

By Steve Evans

LinkedIn is facing a class action lawsuit over the hack that saw 6.5 million account passwords stolen and posted online.

The $5m suit claims the business social network violated promises to its customers by not having better security in place and should have done a better job of protecting user details.

It was filed by Illinois-based LinkedIn user Katie Szpyrka. The suit claims LinkedIn failed, "to comply with long-standing industry standard encryption protocols." The case alleges that the fact LinkedIn stored passwords in unsalted SHA1 hashed format meant it failed to adequately secure its users’ details.

LinkedIn told CBR it would fight the allegations and believes the lawsuit is nothing more than lawyers making work for themselves.

"A class action lawsuit has been filed against LinkedIn related to the theft of hashed LinkedIn member passwords that were published on an unauthorized website," a statement said.

"We don’t believe any member account has been compromised as a result of the password theft, and we have no reason to believe that any LinkedIn member has been injured," the statement added. "Therefore, it appears that these threats are driven by lawyers looking to take advantage of the situation."

LinkedIn concluded: "We believe these claims are without merit, and we will defend the company vigorously against suits trying to leverage third-party criminal behaviour."

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Since the news broke of the password hack, LinkedIn says it has completed a "long-planned" move to a new security system for passwords.

"The LinkedIn technology team has completed a long-planned transition from a password database system that hashed passwords, i.e. provided one layer of encoding, to a system that both hashes and salts the passwords, i.e. provides an extra layer of protection," the company said. It added that for security reasons it would not provide any further details.

News of the hack first broke in early June, when a user on a Russian hacker forum asked for help in decrypting some 6.5 million LinkedIn passwords. The company was criticised for its security systems at the time of the attack.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.