Macworld Forums: LinkedIn hit with lawsuit over massive data breach - Macworld Forums

Post your comments for LinkedIn hit with lawsuit over massive data breach here

So Linkedin was grossly negligent in failing to adhere to security standards and now they poor salt on the wound by claiming that no account was breached. The passwords were breached - whether or not the hackers took advantage is another issue; most likely they're testing the passwords on other sites where they might be able to steal something more fruitful than a job listing. Whether or not a civil lawsuit will win out is questionable but given the sheer number of breaches due to negligence, Internet businesses need to be held accountable with heavy fines imposed by appropriate governmental jurisdictions.

If outfits like Linkedin had a larger computer security staff to skillfully protect their client data they would need fewer PR "spokeswomen" to lie about how well they protect their client data — you know, the professional prevaricators who spew excrement like "we at ABC Inc. value your privacy, yadda, yadda, yadda.

“No member account has been breached as a result of the incident, and we have no reason to believe that any LinkedIn member has been injured."

How are they keeping track of this? Someone using the same username/password combo I had for Linkedin logged into my old AOL account and sent spam to everyone that was in the account's address book. Coincidence? Perhaps. But maybe no Linkedin member accounts have been breached because people saw the news about it and changed their password for Linkedin.

"No member account has been breached as a result of the incident,"

Really? This is a preposterous statement. How could LinkedIn actually know if someone logging into an account with a name/password combo is the legitimate owner of said account or someone who stole it looking to get information about that person? Do they have some way of knowing this? I think not. Its a name and password, basic authentication that the site uses to verify the owner, If someone steals it and uses it, the LinkedIn site will let them in all the same! Honestly,can they stop with the bald faced lies? The only way someone could know if another person got into their account is if something changed, like posted an update, and the person realizes it. Otherwise, who could possibly know??

Finally we know how the breach was implemented in the first place. And it's really here that LinkedIn failed with security. They didn't implement good SQL protection. If they had none of this would be in the news.