14 DAY TRIAL // A class-action lawsuit has been filed against LinkedIn by Katie Szpyrka, an unhappy customer who has been paying $26.95 (21 EUR) each month for a premium account. She accuses the company of failing to protect its customers, Courthouse News Service reports.
Shortly after the world learned that around 6.5 million passwords had been leaked, LinkedIn representatives admitted that salt hadn't been utilized to encrypt sensitive information.
They immediately began to reset passwords and warn the affected customers. The firm also took some serious measures to ensure that future incidents would be avoided, but they seem to be “too little too late.”
According to the complaint filed on Monday by Szpyrka, the lead plaintiff, the company used an “outdated hashing function” (unsalted SHA1), incompatible with industry standards.
"While some security threats are unavoidable in a rapidly developing technological environment, LinkedIn's failure to comply with long standing industry standard encryption protocols jeopardized its users' PII, and diminished the value of the services provided by defendant - as guaranteed by its own contractual terms," the complaint states.
Some of the accusations are based on the fact that in its User Agreement and Privacy Policy, the social media company states that all personal information provided by the customers “will be secured in accordance with industry standards protocols and technology.”
The suit also blames the company for acting on the issue only after third parties announced the security breach, instead of coming forward when the actual attack occurred.
ZDNet informs that the court action claims damages of over $5 million (4 million EUR).
As we’ve reported on previous occasions, LinkedIn still hasn’t detailed the actual breach. Furthermore, some users stated that the leaked passwords were actually their old ones which they had changed between 6 and 9 months prior to the incident.