LinkedIn will get to connect with a federal judge after an embarrassing security breach in early June. The social network for professionals has been hit with a class action seeking at least $5 million over an incident that exposed millions of user passwords.
A complaint filed in San Jose cites a “troubling lack of security measures” and accuses LinkedIn of negligence and breach of contract for failing to encrypt its user database with industry standard security measures. The incident resulted in hackers posting users’ information online but it is not yet clear how much data they obtained.
The lead plaintiff in the case is Katie Szpryka who paid for an upgraded account with the social network. The lawsuit, which also covers a separate class of users with free accounts, adds that LinkedIn breached California consumer protection laws. It cites a FTC complaint from 2003 in which the federal regulator accused the Guess! clothing company of unfair trade practices for storing customer information in an unencrypted database with poor security.
The case is likely to turn on whether LinkedIn did enough to protect its users accounts and whether it did enough to notify users of the hacking incident. The breach was first reported by a Norwegian security firm and then publicized by numerous technology sites but LinkedIn appears to have dithered for more than twelve hours before telling users that data had been compromised.
Critics claim LinkedIn should have used a common practice known as “salting” to make the passwords harder to decrypt.
The LinkedIn case is just the latest in a parade of class actions in which technology companies stand accused of violating user privacy. As we reported yesterday in regard to the latest $10 million Facebook settlement, money from the lawsuits rarely goes to users.
The complaint is below. It was first reported by CourtHouse news service.
Photo courtesy of Shutterstock user [Blazej Lyjak].