LinkedIn Security Breach Lawsuit
A new lawsuit is questioning the company’s security practices following a security breach. This case alleges that LinkedIn failed to implement salting of passwords and did not properly recognize the database was compromised. It further alleged that the company did not follow industry standards. In addition, the security breach occurred because LinkedIn failed to implement the required safeguards for PII. This is a serious issue, which has already landed numerous high-profile companies in legal trouble.
LinkedIn breached its user agreement
It’s no secret that LinkedIn has been subject to controversy for a while now after users started claiming the site breached its user agreement. The social networking site claims that it has 756 million members. However, the terms of its user agreement aren’t entirely clear. Users must affirmatively agree to use the service, which includes a prohibition against creating multiple accounts, harvesting data, and creating false identities.
According to the complaint, LinkedIn breached its user agreement by failing to store passwords on a separate secure server and using outdated passwords to gain access to the passwords of millions of users. The company should have also implemented industry-standard security protocols, but didn’t. As a result, the suit alleges, that LinkedIn breached its user agreement and violated California’s Unfair Competition Law. As a result, the court ruled that LinkedIn breached its user agreement and is responsible for the resulting damage.
LinkedIn failed to salt passwords
LinkedIn recently learned that it failed to salt passwords it uses to protect user data. Although LinkedIn has been working to implement salting as a security measure, this latest flaw has prompted users to change their passwords immediately. A spokeswoman for LinkedIn says that no users’ accounts were compromised, and the company will send emails to affected users. Until LinkedIn starts salting passwords, users can use a simple password manager such as 1Password.
The SHA-1 hashing algorithm is no longer used by software developers, and many major social networking services have admitted to storing user passwords in clear text. LinkedIn and other social networking sites are not the only companies to use this insecure method. Facebook, Twitter, and Instagram have all made public admissions of storing user passwords in cleartext for years. But LinkedIn failed to salt passwords in 2012, and the results were catastrophic.
LinkedIn didn’t recognize database had been compromised
The recent breach of LinkedIn’s database exposed the credentials of over 164 million users. The hack began in 2012, and the data was out of sight for four years. The passwords were stored as SHA1 hashes without salt, so the vast majority of them could be cracked very quickly. However, this breach was the result of a lapse in security at LinkedIn. It is unclear whether it was due to human error or some other underlying security flaw.
According to the Russian hacker, the attackers obtained a list of the passwords of more than six million LinkedIn users and posted them online. The breach left many people stunned and confused. Hackers are targeting everyday websites for their data, but there are steps you can take to ensure your information is safe. LinkedIn has improved the security of its password database since the incident, and now uses salting, but they did not mention the importance of securing passwords on a separate web server. A dedicated web server should be secured by a firewall, and only be used for securely storing user passwords.
LinkedIn didn’t follow industry standards
In a recent lawsuit filed by a woman who experienced a security breach on LinkedIn, it was discovered that LinkedIn did not follow industry standards in encrypting passwords. The company should have stored passwords on a separate secure server and separated them from other user information. This would have avoided any future problems. In addition, LinkedIn should not have allowed users to store their passwords in the public area of its website.
The plaintiffs argued that LinkedIn did not follow industry standards in 2012 by failing to use an industry-standard hashing function to encrypt the passwords they stored on their servers. The hashing function used by LinkedIn does not include salting, which is a random string kept on the server instead of the password. In this way, a user’s password will always produce the same hash.