[fmax30]

This sounds like an outright BS claim. There are two or more scenarios that may be presented as evidence.

i. LinkedIn used the users current passwords with their external addresses to access the external emails. ( impossible) ii. Linked in use some sort of Oauth/google authentication access to information permission thing(can't remember the name). (highly unlikely)

In any case I think we can only be certain with the actual evidence.

The Customers filing suit should know that LinkedIn is a publicly traded company and not a scam site.

Because even these claims are outrages if not utter BS.

[auctiontheory]

The Customers filing suit should know that LinkedIn is a publicly traded company and not a scam site.

Did you mean to say that? I know nothing about the details of this lawsuit, but I hope you realize that being a publicly traded company is no proof of being virtuous in all one's business operations!

[kintamanimatt]

Why is the first scenario impossible? People re-use passwords all the time.

[AjithAntony]

Yeah, don't they just straight up ask for your passwords? http://i.imgur.com/ucFx7Kw.png

[kintamanimatt]

There's that, but what I meant was they could combine the user's LinkedIn password with their email address and most of the time that would be a valid user/pass combination due to the frequency of password reuse. It's not like LinkedIn don't have access to the plaintext version of the user's password. After all, the hashing isn't done on the client but on the server.

[dingaling]

That's brazen, but if the plaintiffs complied with that prompt then they're basically telling the World that they not only violated the TOS of their e-mail provider but also their terms of employment and common sense.

Looks like implementing two-factor authentication might not only protect companies against malicious intruders but also from their own employees spilling the beans.