
LinkedIn facing $5m lawsuit over password hack

Site says claims are without merit and will fight the allegations

By Steve Evans

LinkedIn is facing a class action lawsuit over the hack that saw 6.5 million account passwords stolen and posted online.

The $5m suit claims the business social network violated promises to its customers by not having better security in place and should have done a better job of protecting user details.

It was filed by Illinois-based LinkedIn user Katie Szpyrka. The suit claims LinkedIn failed "to comply with long-standing industry standard encryption protocols." The case alleges that because LinkedIn stored passwords as unsalted SHA1 hashes, it failed to adequately secure its users’ details.

LinkedIn told CBR it would fight the allegations and believes the lawsuit is nothing more than lawyers making work for themselves.

"A class action lawsuit has been filed against LinkedIn related to the theft of hashed LinkedIn member passwords that were published on an unauthorized website," a statement said.

"We don’t believe any member account has been compromised as a result of the password theft, and we have no reason to believe that any LinkedIn member has been injured," the statement added. "Therefore, it appears that these threats are driven by lawyers looking to take advantage of the situation."

LinkedIn concluded: "We believe these claims are without merit, and we will defend the company vigorously against suits trying to leverage third-party criminal behaviour."

Since the news broke of the password hack, LinkedIn says it has completed a "long-planned" move to a new security system for passwords.

"The LinkedIn technology team has completed a long-planned transition from a password database system that hashed passwords, i.e. provided one layer of encoding, to a system that both hashes and salts the passwords, i.e. provides an extra layer of protection," the company said. It added that for security reasons it would not provide any further details.

News of the hack first broke in early June, when a user on a Russian hacker forum asked for help in decrypting some 6.5 million LinkedIn passwords. The company was criticised for its security systems at the time of the attack.
