By allowing ads to appear on this site, you support the local businesses who, in turn, support great journalism.
Premium users of LinkedIn to receive $1 each in password-leak settlement
LinkedIn premium users will receive $1 each in the password-leak settlement. - photo by William E. Lewis Jr.
To settle a class-action lawsuit that alleged LinkedIn failed to protect the passwords and private information of its premium subscriber customers, the company has agreed to pay $1.25 or about $1 each million to approximately 800,000 people who were premium users of the social media network between March 2006 and June 2012.

The case dates back to June, 2012 when LinkedIn premium user Katie Szpyrka sued LinkedIn after the social network reported that 6.5 million hashed user passwords were published online. Alleged in the court action were a number of California state law violations, breach of implied contracts and privacy, along with negligence. Shortly thereafter, another LinkedIn user filed a class-action lawsuit claiming that LinkedIn violated its user agreement and privacy policy.

According to documents filed with the court, LinkedIn purposely failed to salt user passwords before storing them in a database. In terms of privacy, salting passwords adds a dimension to the hash that makes it more difficult to uncover protected data. The social media network was also accused of lax security procedures in that the hackers used an SQL injection attack, which permitted access to LinkedIn databases via a website.

Salting passwords is an important privacy protection that shouldn't be ignored, said Jose Daniel Carrillo, Director of the Barnett Capital Group. With database breaches occurring more often, dont be surprised to see more of these privacy-based lawsuits in the future.

According to The New York Times, the settlement covers individuals and entities in the United States who paid for premium subscriptions between March 15, 2006, and June 7, 2012.

As part of the settlement, LinkedIn has also agreed to "employ both salting and hashing, or an equivalent or greater form of protection in LinkedIns judgment, to protect LinkedIn users passwords for a period of five years after the final settlement date."

While LinkedIn premium users are eligible to make a claim against the $1.25 million settlement fund, attorneys will receive approximately one-third of the settlement for bringing the action. Individual plaintiffs must thereafter apply to share in the settlement and the actual amount paid to each claimant will depend on the actual number of claim forms received.

So let me get this right, Ive paid close to $60 a year for premium LinkedIn service and Im getting a buck back? said Brenda Di Ioia, a premium LinkedIn subscriber. Why bother with a settlement at all? I think its time to cancel my subscription and save the money.

In the event that award funds exceed attorney fees and claimant demands, any remaining funds will be donated to nonprofit organizations the Center for Democracy & Technology, the World Privacy Forum and the Carnegie Mellon CyLab Usable Privacy and Security Laboratory, as designated by the parties.

Following settlement of the action Monday, LinkedIn provided a statement to The New York Times, that curtly stated: "Following the dismissal of every other claim associated with this lawsuit, LinkedIn has agreed to this settlement to avoid the distraction and expense of ongoing litigation."

As a businessman who heavily relies upon social media and the use of tools such as LinkedIn, I applaud the settlement and increase of security measures, said Lee Feldman of Pops Corn in Fort Lauderdale, Florida. With that said, any settlement should have included a refund or rebate of a users premium subscription fee rate.
Sign up for our E-Newsletters