LinkedIn hits back at US data breach lawsuit claims
Data breach victim dismisses suit as "lawyer-driven" and "without merit".

LinkedIn has dismissed a lawsuit that accuses the firm of failing to keep information about its members safe, filed by a disgruntled user in the wake of its recent data breach.
Earlier this month it emerged that the passwords of nearly 6.5 million of the social networking site's users were posted in a Russian web forum.
On Monday, one of the site's members, Katie Szpyrka, filed a $5 million class action complaint against the site with the United States District Court in the Northern District of California.
It claimed LinkedIn had failed to safeguard users' "digitally stored personally identifiable information (PII)" and violated its own user agreement and privacy policy by not using "industry standard protocols and technology".
"LinkedIn promises its users that '[a]ll information that [they] provide [to LinkedIn] will be protected with industry standards protocols and technology,'" the document states.
"In direct contradiction to this promise, LinkedIn failed to comply with basic industry standards by maintaining millions of users' PII in its servers' databases in a weak encryption format and without implementing other crucial security measures."
The "weak encryption format" the lawsuit refers to is LinkedIn's decision to store user passwords as unsalted SHA-1 hashes.
The lawsuit also claims the site was breached using an SQL injection attack, which is described as "a common hacking method" that should be relatively easy to evade.
"Had LinkedIn used proper encryption methods, and a hacker were able to penetrate LinkedIn's network, he would be limited in his ability to inflict harm," it added.
"If LinkedIn used appropriate encryption methods yet failed to secure its database the stolen PII would be useless, as it would be indecipherable."
In a statement to IT Pro, a LinkedIn representative said Szpyrka's case was "without merit" and driven by lawyers looking to capitalise on the site's recent misfortunes.
"No member account has been breached as a result of the [password leak] incident, and we have no reason to believe that any LinkedIn member has been injured," the statement said.
"Therefore, it appears these threats are driven by lawyers looking to take advantage of the situation and we will defend the company vigorously against suits trying to leverage third-party criminal behaviour."