Posted on 22 Jun 2012 by Neilson
After being attacked by a hacker who stole 6.5 million of its passwords, LinkedIn is now being sued by one of its users for $5 million.
The lawsuit was filed on Friday in U.S. District Court in Northern California by an Illinois woman named Katie Szpyrka, who says in the lawsuit that LinkedIn failed to safeguard its users' passwords.
The lawsuit says the passwords stolen from LinkedIn were protected only by hashes, a form of password security, and weren't also salted, which is another form of password security typically used on top of hashing.
"Industry standards require at least the additional process of adding 'salt' to a password before running it through a hashing function," the lawsuit claims, according to eWeek. "This procedure drastically increases the difficulty of deciphering the resulting encrypted password."
Erin O'Harra, a spokeswoman for LinkedIn, said the company has not found that any of its users' accounts were actually breached as a result of the attack.
"Therefore, it appears that these threats are driven by lawyers looking to take advantage of the situation," O'Harra said in an email statement. "We believe these claims are without merit, and we will defend the company vigorously against suits trying to leverage third-party criminal behavior."
The suit was filed about a week and a half after LinkedIn confirmed the attack. The company on June 6 began looking into reports that a hacker had dumped a list containing 6.5 million of its users' passwords and later confirmed that they had in fact been stolen.
LinkedIn had to force its affected users, as well as some other users it suspected may also have been compromised, to change their passwords.
Following the attack, LinkedIn announced that it would now be salting its passwords.