LinkedIn accused of cutting corners in protecting user data

Linkedin lawsuit

LinkedIn is being sued for a password hack that resulted in millions of passwords being stolen from the business social network and appearing on a Russian forum.

The class action lawsuit comes from a premium (or paying) LinkedIn user Katie Szpryka, who says LinkedIn didn’t do enough to “properly safeguard its users’ digitally stored and personally identifiable information, including e-mail addresses, passwords, and login credentials.” She claims that the company failed to use Industry Standard Protocols to protect the information and wants over $5 million in return. Indeed, LinkedIn has been criticized for the way it handled the breach, with some customers unhappy that a notice was not immediately distributed.

Early in June, 6.5 million encrypted passwords were found on a Russian website, some of which were rumored to be from LinkedIn. Because the passwords were hashed, security researchers had to unlock the passwords and test them against LinkedIn accounts. After finding multiple matches, the company came forth and confirmed that LinkedIn was compromised and that all account holders should change their passwords immediately.

Following the confirmation, a number of spoofed LinkedIn e-mails showed up. A spoofed e-mail is an e-mail that looks like it is coming from a credible source, often using the same e-mail templates, to trick the user into giving up personal information. In this case, some of the e-mails asked users to update their LinkedIn account information. Links within these e-mails also took users to websites selling Viagra and related products.

Check out the lawsuit below:

hat tip GigaOm, via Courthouse New Service ; Justice scales via Shutterstock