A United States federal court has approved a settlement that will see users of the professional networking site LinkedIn offered compensation over a passwork leak two years ago.
The breach in June 2012 saw around 6.5 million credentials leaked to a Russian web forum in an archive encrypted with the outmoded and weak SHA-1 algorithm.
In November 2013, premium subscriber Khalilah Wright took LinkedIn to court over the leak.
While Wright and other plaintiffs in the class-action suit failed to show that the leak caused them financial loss or future harm, the judge in the case upheld the claim that LinkedIn had misrepresented its security practices.
Wright said if she'd known the details of LinkedIn security practices - that passwords were stored without added salt - her subscription would've been less valuable.
The settlement will now go ahead for a total of US$1.25 million (A$1.6 million). However, the amount that each LinkedIn subscriber can claim is small, just US$50 (A$64) per head.
Some 800,000 paid users who subscribed to LinkedIn's premium service between March 15 2006 and June 6 2012 are eligible for compensation, the US court ruled.
Further details of the settlement and the process to apply for compensation have been published by claims administrators Kurtzman Carson Consultants.
.png&h=140&w=231&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
