A potential class-action lawsuit has been filed against professional social networking site LinkedIn. The suit accuses LinkedIn of failing to meet "industry standard" security practices in connection with a massive data breach earlier this month, according to court documents.
Illinois resident Katie Szpyrka, a registered LinkedIn account holder since 2010, claimed the company "failed to properly safeguard its users' digitally stored personally identifiable information including email addresses, passwords, and login credentials."
Szpyrka filed the suit in United States District Court in the Northern District of California and is now demanding a jury trial on grounds including breach of contract and negligence.
The company was forced to admit two weeks ago that as many as six million passwords had been pinched and leaked online; the figure was later raised to eight million. However, reports have mentioned that LinkedIn called the suit "without merit" and said it would defend itself "vigorously."
"No member account has been breached as a result of the incident, and we have no reason to believe that any LinkedIn member has been injured. Therefore, it appears that these threats are driven by lawyers looking to take advantage of the situation," LinkedIn spokeswoman Erin O'Harra reportedly said in an email.
In the suit, Szpyrka has also mentioned that she pays $26.95 per month for a premium LinkedIn account and has claimed that LinkedIn has failed to comply with basic industry standards by using a weak encryption format.
The company had hashed passwords with the SHA-1 algorithm, but according to experts, its failure to "salt" the hashes weakened the security.
According to court documents, Szpyrka said that the users in the class action group include individuals and entities in the United States who had a LinkedIn account on or before June 6, 2012, including those who paid for an upgraded account.
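The suit specifically points out that LinkedIn failed to salt the passwords before storing them. A salt is a random value combined with each password before it is hashed, so that identical passwords produce different hashes and precomputed tables of hashes are of no use, which makes it more difficult to uncover the protected data.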
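The difference between the unsalted SHA-1 storage described above and salted storage can be seen in a short example. This is an added illustration, not code from LinkedIn or the court filing; the PBKDF2 scheme, the record format, the iteration count and the account names are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware

def unsalted_sha1(password):
    """The weak scheme the article describes: bare SHA-1 with no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def hash_password(password):
    """Salted, deliberately slow hash. The record keeps its own parameters."""
    salt = os.urandom(16)  # fresh random salt for every stored password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(PBKDF2_ITERATIONS, salt.hex(), dk.hex())

def verify_password(password, record):
    """Recompute with the stored salt; compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        salt, int(iters))
    except ValueError:  # malformed record: wrong field count or bad hex/int
        return False
    return hmac.compare_digest(candidate, expected)

def shared_value_groups(records):
    """Accounts whose stored values are identical. With unsalted hashes,
    every such group is a set of users known to share one password."""
    groups = defaultdict(list)
    for user, stored in records.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample accounts; alice and bob chose the same password.
SAMPLE = {"alice": "password", "bob": "password", "carol": "tr0ub4dor&3"}

if __name__ == "__main__":
    weak = {u: unsalted_sha1(p) for u, p in SAMPLE.items()}
    strong = {u: hash_password(p) for u, p in SAMPLE.items()}
    print("unsalted duplicates:", shared_value_groups(weak))
    print("salted duplicates:  ", shared_value_groups(strong))
```

With the unsalted scheme, one recovered password exposes every account that shares it; with per-record salts, each stored value has to be attacked separately.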
According to the lawsuit, LinkedIn also relied on an outmoded hashing format to store passwords and did not adhere to "basic security checklists" supplied by the US National Institute of Standards and Technology to prevent the type of attack, called a SQL injection attack, that allowed hackers to gain access.