In 2012, an anonymous hacker posted 6.5 million cryptographic hashes belonging to LinkedIn users to the internet. According to a BBC report, the stolen passwords were published on a website hosted in Russia.
Because of the business networking site's failure to protect its users' privacy, it had to face a class action lawsuit from them. Katie Szpyrka, a LinkedIn premium user, sued the site immediately after the hashed passwords were posted. She accused the company of violating California state laws, breaching implied contracts, carelessness, etc. The legal matter has been settled, and LinkedIn now has to compensate the cybercrime victims with $1 each, i.e., the company has to pay out $1.25 million in total.
Only those who paid to use the site between 15 March 2006 and 7 June 2012 are eligible, and they have until 2 May this year to file their claim.
In addition to the monetary compensation, LinkedIn has also agreed to adopt both hashing and salting. Hashing means producing hash values for accessing data or for security. A hash value, or message digest, is a number generated from a string of text. Salting, on the other hand, means adding random data as an additional input to a one-way function that hashes a password or passphrase. Its primary function is to defend against dictionary and rainbow table attacks.
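The effect of a per-user salt can be seen by storing the same password for two accounts with and without one. This is an added example, not code from LinkedIn or the original article; the algorithm choices (SHA-256, PBKDF2), the work factor, the salt length, and the sample users and wordlist are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed work factor for this example
SALT_BYTES = 16        # assumed salt length

def unsalted_digest(password):
    """Bare hash: the same password always yields the same digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def hash_password(password):
    """Salted hash: fresh random salt per user, fed into a slow one-way function."""
    salt = os.urandom(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": derived.hex()}

def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(derived, bytes.fromhex(record["hash"]))

def precomputed_table(wordlist):
    """Digest -> word table built once, as a dictionary or rainbow table would be."""
    return {unsalted_digest(word): word for word in wordlist}

def exposed_accounts(stored, table):
    """Names of accounts whose stored value appears in the precomputed table."""
    return sorted(user for user, value in stored.items() if value in table)

if __name__ == "__main__":
    # Constructed sample data: two users who chose the same password.
    password = "correct horse"
    table = precomputed_table(["letmein", "correct horse", "qwerty"])
    unsalted = {"alice": unsalted_digest(password), "bob": unsalted_digest(password)}
    records = {"alice": hash_password(password), "bob": hash_password(password)}
    salted = {user: rec["hash"] for user, rec in records.items()}
    print("unsalted, found in table:", exposed_accounts(unsalted, table))
    print("salted, found in table:  ", exposed_accounts(salted, table))
    print("login still works:", verify_password(password, records["alice"]))
```

The salt is stored next to the hash and is not secret; its job is to make every stored value unique so that one precomputed table cannot be reused across accounts.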