Lawsuit argues LinkedIn failed to meet vulnerability management obligations

Security breaches like the one that affected professional social networking site LinkedIn on June 6 can be costly, both financially and in terms of lost consumer confidence.

Penetration testing can often prevent such instances and help ensure your company is storing user information securely.

LinkedIn is now facing a class action lawsuit over the aforementioned incident, which saw cyber criminals hack its information database and release 6.5 million user passwords onto a Russian internet forum.

The lawsuit, filed in Canada, asserts that LinkedIn did not meet its obligations of vulnerability management, as it did not salt its passwords – a practice commonly considered standard industry protocol.

"Despite its contractual obligation to use best practices in storing user data, LinkedIn failed to utilise basic industry standard encryption methods. In particular, LinkedIn failed to adequately protect user data because it stored passwords in unsalted SHA1 hashed format," reads the lawsuit.

LinkedIn responded by arguing that no member accounts were breached and that no user has suffered any undue injury relating to the incident.

"Therefore, it appears that these threats are driven by lawyers looking to take advantage of the situation," said LinkedIn.

LinkedIn could potentially find itself liable for $5 million in damages if the lawsuit is successful.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s