Skip to main content

LinkedIn Sued $5M Over Password Leak

Reuters reports that an Illinois woman has filed a $5 million class-action lawsuit against LinkedIn in U.S. District Court for the Northern District of California. The suit alleges that LinkedIn violated promises to its users by not having better means to secure private data, thus allowing a hacker to gather more than six million passwords and post them online.

The lawsuit, filed by Chicago-based law firm Edelson McGuire on behalf of LinkedIn user Katie Szpyrka, said the professional social network had "deceived customers" by having a security policy "in clear contradiction of accepted industry standards for database security." Naturally LinkedIn disagrees, stating that the lawsuit was without merit and driven "by lawyers looking to take advantage of the situation."

"No member account has been breached as a result of the incident, and we have no reason to believe that any LinkedIn member has been injured," LinkedIn spokeswoman Erin O'Harra said on Wednesday.

Weeks ago, LinkedIn said that it was working with the FBI to determine who stole 6.4 million hashed passwords from its database and posted them in a list on a hacker site. The company said it was still in the early stages of the investigation and did not know if any accounts had been taken over by hackers as a result of the security violations. Most of the passwords discovered on the list remained hashed and hard to decode, but a small subset of the hashed passwords were decoded and published.

"To the best of our knowledge, no email logins associated with the passwords have been published, nor have we received any verified reports of unauthorized access to any member’s account as a result of this event," reported LinkedIn's Vicente Silveira at the time.

Legal experts claim that it will be difficult to win the LinkedIn lawsuit because the plaintiffs -- as there may be additional lawsuits filed in the next few weeks -- will need to prove they were actually harmed by the hack. It will be even more difficult to prove if it turns out that the LinkedIn breach was limited to customer passwords and not corresponding email addresses.

"In consumer security class actions, the demonstration of harm is very challenging," said Ira Rothken, a San Francisco-based lawyer at the Rothken Law Firm. The firm handles similar cases for other plaintiffs.

Both eHarmony and also reported that their sites were hacked and passwords stolen right after the LinkedIn passwords went live. So far there have been no lawsuits filed against the two sites.

Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then, he’s loved all things PC-related and cool gadgets ranging from the New Nintendo 3DS to Android tablets. He is currently a contributor at Digital Trends, writing about everything from computers to how-to content on Windows and Macs to reviews of the latest laptops from HP, Dell, Lenovo, and more. 

  • nebun
    first of all no one forced that bitch to create an account....why is she allowed to sue the company?....i so dislike the American justice system
  • amuffin
  • jryan388
    You just got robbed, so pay up!
  • alidan
    nebunfirst of all no one forced that bitch to create an account....why is she allowed to sue the company?....i so dislike the American justice system
    so, your social security number gets stolen because a place you were forced to give it to didnt properly secure their whatever, properly remove it, so on so forth.

    you life is basically now screwed over and will probably not get back on track for a long time.

    so, what do you do? say this (dont want sanction) happens, or do you want to hurt the company that screwed you?

    class action isnt about getting something for nothing, its about forcing a change, and most places refuse to change till it hurts them where it counts, their wallets.

    yea yea, lawers get most of the money, but money isn't the point, the point is forcing change.
  • ibboard
    "To the best of our knowledge, no email logins associated with the passwords have been published..."

    Not published is not the same as not used. I've had spam come to the address I registered with at LinkedIn and was CCed to an address that I registered with at The two addresses were different (a unique address per site) and were used nowhere else. The chances of someone successfully guessing both of those addresses and using them both (and no others) on a spam message are slim to none, especially so close after the breach of both sites.
  • cee2cee
    There is no such thing as 100% perfect security... you use cloud services you implicitly are agreeing to take the risk of getting hacked. Lawsuits like this are retarded and should be thrown out immediately.
  • jojesa
    When you visit LinkedIn you see this message
    Your email is safe with us!
    We will not store your password or email anyone without your permission.
    Irony...Ha Ha
  • blazorthon
    jojesaWhen you visit LinkedIn you see this messageYour email is safe with us!We will not store your password or email anyone without your permission. Irony...Ha Ha
    Well, considering that posted the passwords are hashed and supposedly, no one's email has been revealed through this, I'd say that LinkedIn is doing far better than most other hacked companies have been doing with their clear-text storage crap.
  • The real irony here is that security costs money and hammering the companies that make an honest effort to protect your information in an attempt to get them to ramp up on security will just end up lightening their wallet, thus providing a smaller budget for security.

    How long did it take LinkedIn to report the theft? Their initiative at least shows that they have been more proactive about their users' security than many other companies that also had information stolen as of late.

    The sad truth is that we just don't live in a world where people take responsibility for the things that happen to them anymore. Everyone is too busy pointing fingers and exploiting the law in order to screw somebody else over instead of dealing with their own problems, creating their own quality product, etc, etc.
  • jackson1420
    That women suing should learn how to do security herself and avoid sites that get hacked. Or better yet stay off period. I get along just fine not having all that non-sense LinkedIn or Facebook.. email ftw