Source: TechNewsWorld, 7th June 2012 & InfoSecurity, 21st June 2012
The fallout for the recent breach at LinkedIn is continuing with (possibly frivolous) lawsuits and further bad PR around the whole incident…
LinkedIn faces $5 million class-action lawsuit over password breach
Katie Szpyrka, a US resident, has filed a $5 million class-action lawsuit in US District Court in Northern California against LinkedIn for the major breach that exposed the passwords of 6.5 million users.
“LinkedIn violated its own User Agreement and Privacy Policy by failing to utilize long-standing industry standard protocols and technology to protect Plaintiff and the Class members’ PII [personally identifiable information]’, the complaint alleged.
LinkedIn Breach Blamed on Rusty Security
LinkedIn recently enhanced its security, it said, so the new passwords and the passwords of people’s accounts that were not compromised will be protected by the “hashing and salting of our current password databases.”
From this, one can conclude that LinkedIn previously was not hashing and salting its password database..
Robert Siciliano told the E-Commerce Times. “They are in the business of connecting people in business and know the implications of lax security.”
There isn’t a financial issue with the loss of these passwords, such as there would be if a bank or credit card or retailer had been hacked, he explained.
However, most people tend to use the same passwords for multiple accounts, which is likely why the hackers targeted LinkedIn. They are business users who probably have multiple financial accounts that they also access online….