Nearly 6.5 million passwords were posted on a Russian based hacker forum website and on June 6th LinkedIn confirmed that these passwords belonged to their users. The company now faces a $5 million class action suit claiming they are in violation of their own user agreements and privacy policies.
Hackers were able access nearly 6.5 million LinkedIn user passwords using a SQL injection attack to remotely access a LinkedIn database. Although the passwords had been hashed, roughly 60 percent of them had been cracked, and all 6.5 million passwords were posted in a Russian hacker forum. The hackers who posted the passwords were requesting help in decrypting the remaining passwords. Only passwords were posted with no user name or other accompanying information, but it has not yet been discovered or disclosed what other information, if any was, compromised in addition to the passwords.
Affected LinkedIn users were notified of the breach and their passwords were reset, the breach affected less than 5 percent of LinkedIn’s 150 million users. But on behalf of all LinkedIn users an Illinois woman has filed a class action lawsuit against LinkedIn claiming $5 million in damages. The suit claims that LinkedIn violated their user agreements and privacy policies which promise to protect user information with industry standards and technology by failing to properly safeguard users’ personally identifiable information.
For more information: