SAN JOSE, Calif. (CN) - A federal judge on Tuesday signed off on a settlement of a class action that accused LinkedIn of hacking into members' accounts, harvesting their email contacts and then barraging those contacts with promotional spam.
U.S. District Judge Lucy Koh gave final approval to the $13 million settlement with LinkedIn members who had their external email contacts addresses downloaded without gaining their consent, despite LinkedIn's promise to users that "we will not email anyone without your permission."
The federal class action was filed in September 2013 by nine individuals who represented approximately 20.8 million current and former LinkedIn users who had their external emails hacked.
The class representatives claimed that if a LinkedIn user left an external email account open, LinkedIn pretended to be that user and downloaded the email addresses contained anywhere in that account to LinkedIn's servers - including the addresses of former spouses, clients and opposing counsel.
LinkedIn then sent "multiple emails endorsing its products, services, and brand to potential new users, plus two follow-up reminder emails," the class claimed.
The professional networking site required members to provide an external email user name and password when creating an account.
In addition to the monetary settlement, LinkedIn also revised its "Add Connection" service disclosures that had been challenged. Now, two reminder emails will be sent to users in an effort to fully inform them before sending "Add Connection" invitations to one of their contacts.
"On its website, LinkedIn has added language to its import permission screens, including new 'learn more' and 'help center' buttons, which alert LinkedIn users that importing contact information in the Add Connections process entails a 'one-time upload of [the user's] address book contacts as well as their detailed contact information," Koh wrote in the 32-page order.
"It also notifies users that, in the course of importing a user's email contacts, '[LinkedIn] automatically selects all contacts on the displayed list to be invited' and offers users the option to 'uncheck the select all box' rather than manually de-selecting the contacts, as previously required," she added.
This is the second class action LinkedIn has settled in the last six months.
In September 2015, U.S. District Judge Edward Davila approved a $1.25 million settlement for 6.4 million LinkedIn members who had their passwords posted online by hackers, after accepting class members' theory that the professional networking site had promised paying members an "industry standard data security" which it failed to provide.
The 20.8 million LinkedIn users who had their external emails hacked can expect to receive approximately $20 after each lead plaintiff is paid a $1,500 incentive and $3.25 million is dispersed for attorneys' fees and costs.
However, one class member who had objected to the $20 she and her co-plaintiffs will receive - an objection Koh dismissed in the order as moot - gave notice that she would appeal the settlement to the Ninth Circuit.
Read the Top 8
Sign up for the Top 8, a roundup of the day's top stories delivered directly to your inbox Monday through Friday.