SALT LAKE CITY — To settle a class-action lawsuit that alleged LinkedIn failed to protect the passwords and private information of its premium subscriber customers, the company has agreed to pay $1.25 — or about $1 each — million to approximately 800,000 people who were premium users of the social media network between March 2006 and June 2012.

The case dates back to June, 2012 when LinkedIn premium user Katie Szpyrka sued LinkedIn after the social network reported that 6.5 million hashed user passwords were published online. Alleged in the court action were a number of California state law violations, breach of implied contracts and privacy, along with negligence. Shortly thereafter, another LinkedIn user filed a class-action lawsuit claiming that LinkedIn violated its user agreement and privacy policy.

According to documents filed with the court, LinkedIn purposely failed to salt user passwords before storing them in a database. In terms of privacy, salting passwords adds a dimension to the hash that makes it more difficult to uncover protected data. The social media network was also accused of lax security procedures in that the hackers used an SQL injection attack, which permitted access to LinkedIn databases via a website.

“Salting passwords is an important privacy protection that shouldn't be ignored,” Jose Daniel Carrillo, director of the Barnett Capital Group, told KSL. “With database breaches occurring more often, don’t be surprised to see more of these privacy-based lawsuits in the future.”

According to The New York Times, the settlement covers individuals and entities in the United States who paid for premium subscriptions between March 15, 2006, and June 7, 2012.

As part of the settlement, LinkedIn has also agreed to "employ both salting and hashing, or an equivalent or greater form of protection in LinkedIn’s judgment, to protect LinkedIn users’ passwords for a period of five years after the final settlement date."

While LinkedIn premium users are eligible to make a claim against the $1.25 million settlement fund, attorneys will receive approximately one-third of the settlement for bringing the action. Individual plaintiffs must thereafter apply to share in the settlement and the actual amount paid to each claimant will depend on the actual number of claim forms received.

“So let me get this right, I’ve paid close to $60 a year for premium LinkedIn service and I’m getting a buck back?” Brenda Di Ioia, a premium LinkedIn subscriber, asked KSL. “Why bother with a settlement at all? I think it’s time to cancel my subscription and save the money.”

Related Story

Utah cyber security experts call for 'hacking' education

Recent data breaches at major retailers and computer hacking events have cyber security experts calling for the public to get smarter about online security.

In the event that award funds exceed attorney fees and claimant demands, any remaining funds will be donated to nonprofit organizations — the Center for Democracy & Technology, the World Privacy Forum and the Carnegie Mellon CyLab Usable Privacy and Security Laboratory, as designated by the parties.

Following settlement of the action Monday, LinkedIn provided a statement to The New York Times, that curtly stated: "Following the dismissal of every other claim associated with this lawsuit, LinkedIn has agreed to this settlement to avoid the distraction and expense of ongoing litigation."

“As a businessman who heavily relies upon social media and the use of tools such as LinkedIn, I applaud the settlement and increase of security measures,” Lee Feldman of Pops Corn in Fort Lauderdale, Florida, told KSL. “With that said, any settlement should have included a refund or rebate of a user’s premium subscription fee rate.” As a nationally recognized credit repair and ID theft expert, Bill Lewis is principal of William E. Lewis Jr. & Associates, a solutions based professional consulting firm specializing in the discriminating individual, business or governmental entity.