LinkedIn gets sued over exposed passwords

I don't think anyone will be surprised that LinkedIn has been sued over the hack that exposed as many as 6 million user passwords to the professional social network. The security breach occurred in early June and LinkedIn is now hit with a class-action suit seeking at least $5 million in restitution for the stolen passwords. The complaint was filed in San Jose and sites a "troubling lack of security measures."

The suit also accuses LinkedIn of negligence and breach of contract for failing to encrypt the user database holding passwords with industry standard security protocols. Despite the fact that LinkedIn has been sued, it still not clear exactly how much data the hackers were able to run away with. The lead plaintiff in the class-action suit is Katie Szpryka, who had a paid upgraded account on LinkedIn.

The suit also covers a separate class for users with free accounts and claims that LinkedIn breached consumer protection laws on the books in California. Interestingly, the suit cites an FTC complaint filed in 2003 against me Guess clothing brand alleging unfair trade practices for storing customer details in an unencrypted database. I suspect LinkedIn will end up having to pay out some money in this case.

[via Gigaom]