No Damages in LinkedIn Password Breach Lawsuit

Lawsuits can be a mixed blessing in the security field.

We’ve discussed using lawsuits as a method for “encouraging” good security practices before. This latest story from The Register brings to light one focused on the LinkedIn password breach from last year. According to the story two people sued LinkedIn for failing to live up to its end of security mentioned in their privacy policy. The duo were looking for compensation for damages as a result of the breach. There were several factors involved but the bottom line was that they were not able to prove any actual damages occurred.

Lawsuits, while helping in many ways, could be a mixed blessing in the security field. One one hand you could have many initiating frivolous lawsuits just to earn a quick buck. On the other hand they could be used to incentivize more security. Like with most things in life … there’s a dual purpose for everything.


A class-action lawsuit launched against LinkedIn after hackers leaked the website’s user passwords has been dismissed before reaching trial.

Northern California US District Judge Edward Davila ruled that two premium-account holders had been unable to demonstrate they suffered any actual harm as a result of the 2012 hack, which resulted in the online exposure of 6.5 million password hashes.

LinkedIn failed to salt these encoded login credentials, which were created using the outdated SHA-1 algorithm. Salting hashes, for the uninitiated, thwarts attempts to recover the original passwords.

Continued here.


How do you feel about lawsuits in the security field? Post your comments below. Today’s post pic is from

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.