LinkedIn recently suffered a security breach in which the usernames and passwords of account holders were compromised. Now, a woman named Katie Szpyrka from Illinois in the United States is organizing a class action lawsuit against the professional network, saying that the security breach was a violation of its own terms and conditions. According to ZDNet, Szpyrka has been a member of LinkedIn since 2010 and claims that LinkedIn “failed to properly safeguard its users’ digitally stored personally identifiable information including email addresses, passwords, and login credentials.” She filed the suit in a United States District Court in a district in Northern California. She wants a trial in front of a jury on the grounds of breach of contract and negligence. She says that members of the class action suit should include individuals and entities in the United States who have had a LinkedIn account on or before the 6th of June, 2012. The group should include individuals and entities that have signed up for premium accounts.
Szpyrka has a premium LinkedIn account and pays $26.95 (approx Rs. 1,513) per month for it. She says that LinkedIn breached its terms of agreement because it promises users that it protects their information using industry standards and technology. While the company had hashed passwords, it had not salted them, which made the passwords easier for the hackers to break. Szpyrka has said that LinkedIn had not encrypted user passwords based on industry standards, which was a breach of agreement.
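The difference between hashed and salted-and-hashed password storage mentioned above, shown as an added example that is not part of the original article and is not LinkedIn's code. The use of SHA-1 for the unsalted scheme, PBKDF2-HMAC-SHA256 with 600,000 iterations for the salted one, and the sample accounts are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; two users happen to share a password.
USERS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "x9!Lq#vT2m"}
ITERATIONS = 600_000  # example work factor, an assumption of this sketch


def unsalted_record(password: str) -> str:
    """Weak scheme: one fast hash, no salt (SHA-1 assumed for illustration)."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_record(password: str) -> tuple[bytes, bytes]:
    """Stronger scheme: random per-user salt plus a slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password: str, record: tuple[bytes, bytes]) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, expected)


def shared_digest_groups(digests: dict) -> list[list[str]]:
    """Group users whose stored digest is identical, as a leaked table would show."""
    groups: dict = {}
    for user, digest in digests.items():
        groups.setdefault(digest, []).append(user)
    return [sorted(g) for g in groups.values() if len(g) > 1]


if __name__ == "__main__":
    unsalted = {u: unsalted_record(p) for u, p in USERS.items()}
    salted = {u: salted_record(p) for u, p in USERS.items()}
    # Without a salt, equal passwords are visible as equal digests, so one
    # guess or precomputed table entry resolves every account in the group.
    print("unsalted duplicates:", shared_digest_groups(unsalted))
    # With per-user salts, each digest must be worked on separately.
    print("salted duplicates:", shared_digest_groups({u: r[1] for u, r in salted.items()}))
    print("login check:", verify_salted("linkedin2012", salted["alice"]))
```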
The suit also mentions that LinkedIn was hacked with a SQL injection, a method of hacking that has been used for a long time. The attack is carried out through a website, from which hackers eventually reach the database of information behind it. The suit cites National Institute of Standards and Technology checklists as a common tool to avoid such SQL injection attacks. Furthermore, the suit claims that LinkedIn had not publicized the attacks, which only came to be known when third parties started reporting them. It claims that LinkedIn only later admitted that it wasn't handling user data in accordance with best practices. The suit claims that the damages are in excess of $5 million. LinkedIn users who use the same password for other accounts are advised to change the passwords on those accounts as well.