After an embarrassing security breach in early June that saw hackers expose more than six million passwords, social network LinkedIn is being hit with a class action worth at least $5 million.
A complaint filed in San Jose cites a “troubling lack of security measures” and accuses LinkedIn of negligence and breach of contract for failing to encrypt its user database with industry standard security measures. The incident resulted in hackers posting users’ information online but it is not yet clear how much data they obtained.
The lead plaintiff in the case is Katie Szpryka who paid for an upgraded account with the social network. The lawsuit, which also covers a separate class of users with free accounts, adds that LinkedIn breached California consumer protection laws. It cites a FTC complaint from 2003 in which the federal regulator accused the Guess! clothing company of unfair trade practices for storing customer information in an unencrypted database with poor security.
The case is likely to turn on whether LinkedIn did enough to protect its users accounts and whether it did enough to notify users of the hacking incident. Even though the breach was first reported by a Norwegian security firm and publicized by numerous technology sites, LinkedIn appears to have waited more than twelve hours before acknowledging its users data had been compromised.
Critics claim LinkedIn should have used a common practice known as “salting” to make the passwords harder to decrypt.
The LinkedIn case is just the latest in a parade of class actions in which technology companies stand accused of violating user privacy. As we reported yesterday in regard to the latest $10 million Facebook settlement, money from the lawsuits rarely goes to users.
The complaint is below. It was first reported by CourtHouse news service.