LinkedIn Hit With $5M Lawsuit Over Lost Passwords

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Well that didn't take long, now did it?

An Illinois woman is leading the charge against LinkedIn in a $5 million class-action lawsuit that alleges the social network failed to protect its members' data. The suit is a result of the recent security breach where hackers stole thousands of passwords. The passwords ended up on a site accessible to the public.
Click to expand...
 
That news article fails to mention that it was the password hashes & not the passwords themselves. I'm not surprised that it's coming from CNET though.
 
How was she harmed? Loser.

But as I was logging into linkedin with my new password I wondered to myself if they fixed the breach that let the passwords out.
 
Wow people sure sue for anything these days. Sure it was wrong for them to design a system in which the passwords can leak, but it's also a free service and should not be held liable for anything.

Up to her to change her password everywhere else like everyone else did, and move on.
 
Red Squirrel said:
Wow people sure sue for anything these days. Sure it was wrong for them to design a system in which the passwords can leak, but it's also a free service and should not be held liable for anything.

Up to her to change her password everywhere else like everyone else did, and move on.
Click to expand...

It's not a free service for those who pay for upgraded accounts. Those can get quite pricey!
 
I was actually expecting it, A lot of US citizens tend to sue anything/everything these days honestly
 
CrimsonKnight13 said:
That news article fails to mention that it was the password hashes & not the passwords themselves. I'm not surprised that it's coming from CNET though.
Click to expand...

Except that they didn't salt the hashes, making a dictionary attack on the passwords trivial, and the general population has no idea just how large a dictionary you can create (worse if the hacker can rig up a botnet).

Looks like they were using SHA-1 instead of MD5, but that doesn't help anyone who thought that 123PassWord! would be hard to guess.

http://www.zdnet.com/blog/security/md5-password-scrambler-no-longer-safe/12317
[yes, I know its zdnet, and completely confuses the idea between "unsafe" (i.e. can be broken in mip years instead of mip decades) with "unsalted" (meaning you can attack all the passwords at once instead of one by one).]
 
I've been an advocate of suing the shit out of companies that don't take reasonable, security best practice standards in protecting their networks against hacks where your personal data can be at risk. In this case because of the encryption, I would say this person is being foolish and it will cost her.
 
It's a free service. One willingly lets go of all control when a 3rd party takes responsibility for your information.
 
I hope she's awarded the damages over this. I admit I only feel that way because she's suing a social networking service, though. :)
 
Wumpus said:
Except that they didn't salt the hashes, making a dictionary attack on the passwords trivial, and the general population has no idea just how large a dictionary you can create (worse if the hacker can rig up a botnet).

Looks like they were using SHA-1 instead of MD5, but that doesn't help anyone who thought that 123PassWord! would be hard to guess.

http://www.zdnet.com/blog/security/md5-password-scrambler-no-longer-safe/12317
[yes, I know its zdnet, and completely confuses the idea between "unsafe" (i.e. can be broken in mip years instead of mip decades) with "unsalted" (meaning you can attack all the passwords at once instead of one by one).]
Click to expand...

Thanks for clarifying. I understood that they weren't salted but I didn't know the details.
 
I closed my account before it happened, am I effected as well? :confused:
 
You must log in or register to reply here.
Back
Top