Class action lawsuit filed against LinkedIn
Contributed by: Email on 06/21/2012 02:39 PM
In San Jose, California, an Illinois woman has filed a class action lawsuit on behalf of other LinkedIn members following the disclosure of the huge password leak at LinkedIn. The claim is that the company put users' personal data at risk, both by using outdated security and by taking too long to inform users after the incident. The claim has been set at more than $5 million.
The claim accuses LinkedIn of using an outdated hash algorithm, SHA1, which dates back to 1995, to protect users' data. It goes on to accuse the company of not having salted users' passwords, a procedure that involves adding random values to make it more difficult to convert hashes back to plain text. In doing so, LinkedIn caused "significant risks to the integrity of users' sensitive data", the suit says.
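The difference between the unsalted SHA1 storage the suit describes and salted storage, shown as an added example that is not from the article or from LinkedIn's code. The account names, passwords, the choice of PBKDF2-HMAC-SHA256 and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not taken from any real leak).
ACCOUNTS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "Tr0ub4dor&3"}

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your own hardware


def unsalted_sha1(password):
    """Storage as described in the complaint: a bare SHA-1 digest, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_hash(password, salt=b""):
    """Hardened form: per-user random salt plus a deliberately slow KDF."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, expected)


def shared_hash_count(stored):
    """Number of accounts whose stored value is identical to another's."""
    counts = Counter(stored.values())
    return sum(n for n in counts.values() if n > 1)


if __name__ == "__main__":
    weak = {user: unsalted_sha1(pw) for user, pw in ACCOUNTS.items()}
    strong = {user: salted_hash(pw) for user, pw in ACCOUNTS.items()}
    # Without a salt, equal passwords collapse to one digest, so a single
    # recovered hash exposes every account that shares it.
    print("unsalted accounts sharing a hash:", shared_hash_count(weak))
    print("salted accounts sharing a hash:  ", shared_hash_count(strong))
    salt, digest = strong["alice"]
    print("login still verifies:", verify("sunshine1", salt, digest))
```
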
In a statement released on Wednesday, LinkedIn emphasized that no member account was breached as a result of the incident. "It appears that these threats are driven by lawyers looking to take advantage of the situation", the company said, adding that it believes the claims are without merit, and will defend itself vigorously against them.
The full effect of the thefts is difficult to gauge, as they also include eHarmony, the dating site, and Last.fm, the music service. 6.5 million LinkedIn password hashes were published on a Russian site. In addition, 2.5 million hashes from Last.fm have been published, from a list that is thought to contain 17 million entries.