A $5 million class action lawsuit over LinkedIn data breach dismissed. A US judge ruled: Any damage done to LinkedIn users over the massive June 2012 data breach was abstract, not actual. Thus did a $5 million class-action lawsuit against the networking site get dismissed, before the case ever breathed the air of a court trial. The breach resulted in the compromise of 6.5 million users’ passwords. Within hours of the passwords being posted online, over 60% of the stolen passwords had been cracked.
Within days of the June breach, the lawsuit was filed on behalf of all users by two premium LinkedIn users in the US. It charged LinkedIn with failing to use basic industry standard security practices – a failing that, the plaintiffs claimed, led to the data leak. Specifically, the suit claimed that LinkedIn didn’t store passwords in salted SHA1 hashed format, thereby failing to adhere to its Privacy Policy’s promise to use industry standard protocols and technology to protect personally identifiable information.
Source: NakedSecurity
