The financial impact of hacking attacks and security breaches continues, with LinkedIn coughing up cash to settle a lawsuit.

The business-oriented social network has paid $1.25m (£810,000) to settle the legal claim filed just after the theft of millions of passwords in the summer of 2012.

Massive Theft

It was in early June 2012 when LinkedIn first became aware of reports that almost 6.5 million passwords for the social networking site had been stolen and published online.

A Russian hacker had acquired password hashes, cracked many of them and posted them on a Russian website, in a move that potentially left millions of LinkedIn users vulnerable to account hijacking and personal data theft.

Following the breach, LinkedIn announced “a long-planned transition” to a password database system that both hashes and salts the passwords, to provide a double-layer of security.

Following the breach, the social network apologised and enlisted the help of the FBI in the matter, but that did not stop a class action lawsuit led by plaintiff Katie Szpyrka, who alleged that LinkedIn failed to properly safeguard users’ personally identifiable information, and violated its own user agreement and privacy policy by not using “long-standing industry standard protocols and technology.”

LinkedIn however consistently refuted the lawsuit, and indeed claimed it was inspired by lawyers wanting to exploit the situation. It confirmed that the password theft had cost the company between $500,000 (£322,705) and $1m (£645,000).

But now LinkedIn has agreed to settle the lawsuit and the $1.25m (£810,000) cash settlement will be shared among LinkedIn’s American users. And only those who paid to use the site between 15 March 2006 and 7 June 2012 are eligible, and the maximum each person can receive is $50 (£32).

To claim, qualifying LinkedIn users have to go to this website in order to get their compensation. Users have until May 2 to file their claim, and if they don’t file a claim, they will receive no compensation.

LinkedIn Win?

LinkedIn was keen to stress on the website that the “Court has not decided whether the Plaintiff or the Defendant should win this case. Instead, both sides agreed to a settlement.”

And with a settlement figure of just $50 for each qualifying user, plus the fact that it is now up to the court to determine the proper amount of any attorneys’ fees, some may feel that LinkedIn may have come out on top of the lawsuit, despite the damage the theft did to LinkedIn’s security credentials.

And that 2012 password theft was not the first time that LinkedIn has faced issues over its passwords.

In late 2010, Yahoo, Twitter and LinkedIn all asked their users to change their passwords, after a data breach at online publisher Gawker Media resulted in about 200,000 login details being compromised.

Are you a security guru? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

4 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

6 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

8 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

8 hours ago