LinkedIn to Pay $1.25 Million to Settle Claims over Weak Password Security

LinkedIn is to pay $1.25 million to settle claims that it contravened its users’ privacy agreement and was negligent in securing their passwords. The company, entangled in another ongoing privacy suit, will compensate up to 800,000 people who were premium members between March 2006 and June 2012.

LinkedIn, the largest professional networking platform, is to pay $1.25 million in settlement claims to its premium subscribers, following a class-action lawsuit that successfully challenged the company’s ability to secure clients’ passwords and personal details on the web.

The lawsuit dates back to June 2012, when suspected Russian hackers leaked a file containing at least 6.5 million encoded LinkedIn passwords. Apparently, LinkedIn was using simple textbook encryption coupled with poor password management practices, which gave hackers an easy ride through its databases.

Following the hacking incident, affected LinkedIn users sued the company for contravening the privacy agreement and for negligence in securing their private data. The claimants, who were premium LinkedIn members at the time, convinced the US federal court that LinkedIn had duped them into believing the company could secure their private data when it obviously could not.

At the time, LinkedIn relied on hash cryptography to secure customers’ login credentials. Hackers were able to crack the codes and leak close to 165,000 passwords in plain text. The suit further pointed out that LinkedIn stored its users’ login details on its web servers, a factor that made it easy for hackers to access those details through an SQL injection attack.

Under the settlement terms presided over by Judge Edward J. Davila of the federal district court in Northern California, LinkedIn will pay a total of up to $1.25 million to at least 800,000 US citizens and private entities who were premium members between March 15, 2006 and June 7, 2012.

The kitty will first be used to settle the legal fees of the plaintiffs’ lawyers, and the remainder will be paid only to those who make formal claims. Each successful claimant will receive approximately $1, but the figure may rise proportionately depending on the total number of claims.

After all claims are settled, the remaining amount will be donated to three non-profit organizations: the World Privacy Forum, the Center for Democracy & Technology, and the Carnegie Mellon CyLab Usable Privacy and Security Laboratory. Visit the official settlement page for more details on how to apply.

“Following the dismissal of every other claim associated with this lawsuit, LinkedIn has agreed to this settlement to avoid the distraction and expense of ongoing litigation,” read LinkedIn’s statement.

Currently, LinkedIn is entangled in another court battle that may see the company fork out more money in settlement claims to its subscribers. LinkedIn has been sued for scanning its users’ email contact lists and sending spam email to the harvested contacts in order to encourage more sign-ups. LinkedIn spokesman Hani Durzy declined to divulge more details on the ongoing suit.

Ali Qamar

Ali is an Internet security research enthusiast who enjoys "deep" research to dig out modern discoveries in the security industry. To be frank and honest, Ali started working online as a freelancer and still shares the knowledge for a living. He is passionate about sharing the knowledge with people, and always tries to give only the best.