{"id":405,"date":"2012-06-21T21:55:11","date_gmt":"2012-06-21T21:55:11","guid":{"rendered":"http:\/\/www.halkynconsulting.co.uk\/a\/?p=405"},"modified":"2012-11-24T20:44:52","modified_gmt":"2012-11-24T20:44:52","slug":"linkedin-to-face-3m-lawsuit-over-password-breach","status":"publish","type":"post","link":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/","title":{"rendered":"LinkedIn to face \u00a33m lawsuit over password breach"},"content":{"rendered":"<p>Following up on the news last week that LinkedIn had suffered a major security breach in which huge numbers of user account passwords were put at risk (<a title=\"Security - Are passwords dead following the LinkedIn Hack?\" href=\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/security-are-passwords-dead\/\" target=\"_blank\">previously discussed<\/a>), there is news today that a Chicago resident has filed a class action lawsuit against the company seeking US$5,000,000 in damages.<\/p>\n<p><a title=\"LinkedIn facing \u00a33 million lawsuit, as member claims negligence over password breach\" href=\"http:\/\/www.scmagazineuk.com\/linkedin-facing-3-million-lawsuit-as-member-claims-negligence-over-password-breach\/article\/246677\/\" target=\"_blank\">SC Magazine reports<\/a> that the plaintiff feels he has solid grounds for this lawsuit:<\/p>\n<blockquote><p>Paragraph three of the complaint states that through its privacy policy, LinkedIn promises that all information that [they] provide [to LinkedIn] will be protected with industry standards, protocols and technology. In direct contradiction to this promise, LinkedIn failed to comply with basic industry standards by maintaining millions of users&#8217; personal information in its servers&#8217; databases in a weak encryption format, and without implementing other crucial security measures.<\/p><\/blockquote>\n<p>Without wishing to comment on the legal merits of this suit, the publicly available information implies that LinkedIn did indeed fail to implement good practice measures with regards to protecting user accounts &#8211; the password hashes were poor practice in 2002 and it would certainly be bad practice to no update your security for over 10 years.<\/p>\n<p>Understandably, LinkedIn is reluctant to comment, other than to say:<\/p>\n<blockquote><p>We believe these claims are without merit, and we will defend the company vigorously against suits trying to leverage third-party criminal behaviour.<\/p><\/blockquote>\n<p>This is a reasonable approach, and given the legal might LinkedIn is likely to be able to wield here, it is likely that they will be successful in their defence, although they may end up in an expensive trial and will suffer a lot of adverse publicity.<\/p>\n<p>However, this misses what is probably the most important point &#8211; <strong>all of this could have been avoided by properly investing in security<\/strong>. As always, the painful less from this is that yet another company (and a &#8220;techy&#8221; one which really should have known better), has tried to save money, and increase profits, by putting its prize assets at risk.<\/p>\n<p>Even if the lawsuit is unsuccessful, it is likely to cost LinkedIn significantly more than the \u00a350 &#8211; 60k they have saved over the last ten years cutting back in their security.<\/p>\n<p><strong>This is an important lesson for every organisation to take on board. It may seem like a good move to make your security function reduce its budgets, but you will never, ever, save enough to cover the costs of one major breach<\/strong>.<\/p>\n<p>Taking risks is part of business, but when it comes to security of critical assets, these risks should be properly managed and assessed as part of your risk management function. If you are going to gamble, make sure you are properly investing the money saved to cover the inevitable consequences. Anything else is simply bad business.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Following up on the news last week that LinkedIn had suffered a major security breach in which huge numbers of user account passwords were put at risk (previously discussed), there is news today that a Chicago resident has filed a class action lawsuit against the company seeking US$5,000,000 in damages. SC Magazine reports that the [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[5],"tags":[62,53,20,140,46,19],"class_list":["post-405","post","type-post","status-publish","format-standard","hentry","category-security","tag-linkedin","tag-passwords","tag-risk-management","tag-security","tag-security-management","tag-srm","entry"],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>LinkedIn to face \u00a33m lawsuit over password breach - Halkyn Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"LinkedIn to face \u00a33m lawsuit over password breach - Halkyn Security Blog\" \/>\n<meta property=\"og:description\" content=\"Following up on the news last week that LinkedIn had suffered a major security breach in which huge numbers of user account passwords were put at risk (previously discussed), there is news today that a Chicago resident has filed a class action lawsuit against the company seeking US$5,000,000 in damages. SC Magazine reports that the [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/\" \/>\n<meta property=\"og:site_name\" content=\"Halkyn Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2012-06-21T21:55:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2012-11-24T20:44:52+00:00\" \/>\n<meta name=\"author\" content=\"Taz Wake - Halkyn Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/tazwake\" \/>\n<meta name=\"twitter:site\" content=\"@HalkynSecurity\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Taz Wake - Halkyn Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/#article\",\"isPartOf\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/\"},\"author\":{\"name\":\"Taz Wake - Halkyn Security\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/6eb0b544119827df120fb596772d25bc\"},\"headline\":\"LinkedIn to face \u00a33m lawsuit over password breach\",\"datePublished\":\"2012-06-21T21:55:11+00:00\",\"dateModified\":\"2012-11-24T20:44:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/\"},\"wordCount\":462,\"commentCount\":0,\"publisher\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\"},\"keywords\":[\"LinkedIn\",\"Passwords\",\"Risk Management\",\"Security\",\"Security Management\",\"Security Risk Management\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/\",\"name\":\"LinkedIn to face \u00a33m lawsuit over password breach - Halkyn Security Blog\",\"isPartOf\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#website\"},\"datePublished\":\"2012-06-21T21:55:11+00:00\",\"dateModified\":\"2012-11-24T20:44:52+00:00\",\"breadcrumb\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Halkyn Security\",\"item\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"http:\/\/www.halkynconsulting.co.uk\/a\/category\/security\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"LinkedIn to face \u00a33m lawsuit over password breach\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#website\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\",\"name\":\"Halkyn Security Blog\",\"description\":\"Specialist Security &amp; Risk Management Consultants\",\"publisher\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/www.halkynconsulting.co.uk\/a\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\",\"name\":\"Halkyn Consulting\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1\",\"width\":\"990\",\"height\":\"170\",\"caption\":\"Halkyn Consulting\"},\"image\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/2329571\",\"https:\/\/twitter.com\/HalkynSecurity\"]},{\"@type\":\"Person\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/6eb0b544119827df120fb596772d25bc\",\"name\":\"Taz Wake - Halkyn Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6689803eeae3e16b54fab3a7a1dfd1a5ee70f3ca1a83e77278a1b1adfedc4260?s=96&d=retro&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6689803eeae3e16b54fab3a7a1dfd1a5ee70f3ca1a83e77278a1b1adfedc4260?s=96&d=retro&r=g\",\"caption\":\"Taz Wake - Halkyn Security\"},\"description\":\"Certified Information Systems Security Professional with over 19 years experience providing in-depth security risk management advice to government and private sector organisations. Experienced in assessing risks, and producing mitigation plans, worldwide in both peaceful areas and war zones. Additionally, direct experience carrying out investigations into security lapses, producing evidential standard reports and conducting detailed interviews to ascertain the details of the incident. Has a detailed understanding of the Security Policy Framework (SPF) and JSP440, as well as in depth expertise in producing cost-effective solutions in accordance with legislative and regulatory guidelines. Experienced in accrediting establishments and networks as well as project managing the development of secure, compliant, workable business processes.\",\"sameAs\":[\"http:\/\/www.halkynconsulting.co.uk\",\"https:\/\/twitter.com\/https:\/\/twitter.com\/tazwake\"],\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/author\/tazwake\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"LinkedIn to face \u00a33m lawsuit over password breach - Halkyn Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/","og_locale":"en_GB","og_type":"article","og_title":"LinkedIn to face \u00a33m lawsuit over password breach - Halkyn Security Blog","og_description":"Following up on the news last week that LinkedIn had suffered a major security breach in which huge numbers of user account passwords were put at risk (previously discussed), there is news today that a Chicago resident has filed a class action lawsuit against the company seeking US$5,000,000 in damages. SC Magazine reports that the [&hellip;]","og_url":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/","og_site_name":"Halkyn Security Blog","article_published_time":"2012-06-21T21:55:11+00:00","article_modified_time":"2012-11-24T20:44:52+00:00","author":"Taz Wake - Halkyn Security","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/tazwake","twitter_site":"@HalkynSecurity","twitter_misc":{"Written by":"Taz Wake - Halkyn Security","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/#article","isPartOf":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/"},"author":{"name":"Taz Wake - Halkyn Security","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/6eb0b544119827df120fb596772d25bc"},"headline":"LinkedIn to face \u00a33m lawsuit over password breach","datePublished":"2012-06-21T21:55:11+00:00","dateModified":"2012-11-24T20:44:52+00:00","mainEntityOfPage":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/"},"wordCount":462,"commentCount":0,"publisher":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization"},"keywords":["LinkedIn","Passwords","Risk Management","Security","Security Management","Security Risk Management"],"articleSection":["Security"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/#respond"]}]},{"@type":"WebPage","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/","url":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/","name":"LinkedIn to face \u00a33m lawsuit over password breach - Halkyn Security Blog","isPartOf":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#website"},"datePublished":"2012-06-21T21:55:11+00:00","dateModified":"2012-11-24T20:44:52+00:00","breadcrumb":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/06\/linkedin-to-face-3m-lawsuit-over-password-breach\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Halkyn Security","item":"http:\/\/www.halkynconsulting.co.uk\/a\/"},{"@type":"ListItem","position":2,"name":"Security","item":"http:\/\/www.halkynconsulting.co.uk\/a\/category\/security\/"},{"@type":"ListItem","position":3,"name":"LinkedIn to face \u00a33m lawsuit over password breach"}]},{"@type":"WebSite","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#website","url":"http:\/\/www.halkynconsulting.co.uk\/a\/","name":"Halkyn Security Blog","description":"Specialist Security &amp; Risk Management Consultants","publisher":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/www.halkynconsulting.co.uk\/a\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization","name":"Halkyn Consulting","url":"http:\/\/www.halkynconsulting.co.uk\/a\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1","width":"990","height":"170","caption":"Halkyn Consulting"},"image":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/2329571","https:\/\/twitter.com\/HalkynSecurity"]},{"@type":"Person","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/6eb0b544119827df120fb596772d25bc","name":"Taz Wake - Halkyn Security","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6689803eeae3e16b54fab3a7a1dfd1a5ee70f3ca1a83e77278a1b1adfedc4260?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6689803eeae3e16b54fab3a7a1dfd1a5ee70f3ca1a83e77278a1b1adfedc4260?s=96&d=retro&r=g","caption":"Taz Wake - Halkyn Security"},"description":"Certified Information Systems Security Professional with over 19 years experience providing in-depth security risk management advice to government and private sector organisations. Experienced in assessing risks, and producing mitigation plans, worldwide in both peaceful areas and war zones. Additionally, direct experience carrying out investigations into security lapses, producing evidential standard reports and conducting detailed interviews to ascertain the details of the incident. Has a detailed understanding of the Security Policy Framework (SPF) and JSP440, as well as in depth expertise in producing cost-effective solutions in accordance with legislative and regulatory guidelines. Experienced in accrediting establishments and networks as well as project managing the development of secure, compliant, workable business processes.","sameAs":["http:\/\/www.halkynconsulting.co.uk","https:\/\/twitter.com\/https:\/\/twitter.com\/tazwake"],"url":"http:\/\/www.halkynconsulting.co.uk\/a\/author\/tazwake\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9yHvD-6x","jetpack_likes_enabled":true,"_links":{"self":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/405","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/comments?post=405"}],"version-history":[{"count":2,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/405\/revisions"}],"predecessor-version":[{"id":460,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/405\/revisions\/460"}],"wp:attachment":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/media?parent=405"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/categories?post=405"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/tags?post=405"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}