2012 LinkedIn hack

The 2012 LinkedIn hack refers to the computer

Passwords for nearly 6.5 million user accounts were stolen. Yevgeniy Nikulin

was convicted of the crime and sentenced to 88 months in prison.

Owners of the hacked accounts were unable to access their accounts. LinkedIn said, in an official statement, that they would email members with instructions on how they could reset their passwords. In May 2016, LinkedIn discovered an additional 100 million email addresses and passwords that had been compromised from the same 2012 breach.

History

The hack

The

cybercriminals.^[1]^[2] Owners of the hacked accounts were no longer able to access their accounts, and the website repeatedly encouraged its users to change their passwords after the incident.^[3] Vicente Silveira, the director of LinkedIn,^[4] confirmed, on behalf of the company, that the website was hacked in its official blog. He also said that the holders of the compromised accounts would find their passwords were no longer valid on the website.^[5]

In May 2016, LinkedIn discovered an additional 100 million email addresses and hashed passwords that claimed to be additional data from the same 2012 breach. In response, LinkedIn invalidated the passwords of all users that had not changed their passwords since 2012.[6]

Leak

A collection containing data about more than 700 million users, believed to have been scraped from LinkedIn, was leaked online in September, 2021 in form of a torrent file after hackers previously tried to sell it earlier in June, 2021.^[7]

Reaction

Internet security experts said that the passwords were easy to unscramble because of LinkedIn's failure to use a

Secure Sockets Layer (SSL) protocol. The company added that it had never stored or shared that information with a third party.^[10]^[11]

Rep.

data privacy and cybercrime legislation a top priority."^[12]^[13]

Marcus Carey, a security researcher for

Rapid7, said that the hackers had penetrated the databases of LinkedIn in the preceding days.^[14]

He expressed concerns that they may have had access to the website even after the attack.

Michael Aronowitz, Vice President of Saveology said, "Everyday hundreds of sites are hacked and personal information is obtained. Stealing login information from one account can easily be used to access other accounts, which can hold personal and financial information." Security experts indicated that the stolen passwords were encrypted in a way that was fairly easy to decrypt, which was one of the reasons for the data breach.^[15]

Katie Szpyrka, a long time user of LinkedIn from

SOPA and PIPA in the United States Congress.^[16]

An amended complaint was filed on Nov. 26, 2012 on behalf of Szpyrka and another premium LinkedIn user from Virginia, United States, named Khalilah Gilmore–Wright, as class representatives for all LinkedIn users who were affected by the breach.^[17] The lawsuit sought injunctive and other equitable relief, as well as restitution and damages for the plaintiffs and members of the class.^[17]

Response from LinkedIn

LinkedIn apologized immediately after the data breach and asked its users to immediately change their passwords.^[1] The Federal Bureau of Investigation assisted the LinkedIn Corporation in investigating the theft. As of 8 June 2012, the investigation was still in its early stages, and the company said it was unable to determine whether the hackers were also able to steal the email addresses associated with the compromised user accounts as well.^[18] LinkedIn said that the users whose passwords are compromised would be unable to access their LinkedIn accounts using their old passwords.^[19]

Arrest and conviction of suspect

On October 5, 2016, Russian hacker Yevgeniy Nikulin was detained by Czech police in Prague. The United States had requested an Interpol warrant for him.^[20]

A United States grand jury indicted Nikulin and three unnamed co-conspirators on charges of aggravated

Formspring, allegedly conspiring to sell stolen Formspring customer data, including usernames, e-mail addresses, and passwords.^[21]

Nikulin was convicted and sentenced to 88 months of imprisonment.[22]

References

^ ^a ^b "An update on the hack". Linkedin. Retrieved June 8, 2012.
^ "Hackers steal 6.5 million passwords from LinkedIn". Herald Sun. Retrieved June 8, 2012.
^ "LinkedIn Confirms, Apologizes for Stolen Password Breach". Mashable.com. June 6, 2012. Retrieved June 8, 2012.
^ "LinkedIn busy to investigate". The Economic Times. June 10, 2012. Retrieved July 20, 2012.
^ "Update:Linked in confirms it is hacked". Pc world.com. June 6, 2012. Archived from the original on September 14, 2012. Retrieved June 8, 2012.
^ "Protecting Our Members". LinkedIn. Retrieved May 25, 2016.
^ "Hackers leak LinkedIn 700 million data scrape". TheRecord.media. September 22, 2021. Retrieved September 25, 2021.
^ "LinkedIn suffers data breach-security experts". Reuters. June 6, 2012. Archived from the original on November 6, 2014. Retrieved June 8, 2012.
^ Kingsley-Hughes, Adrian. "LinkedIn ios app grabs names, emails, notes- from your calendar". Forbes.com. Retrieved June 8, 2012.
^ "LinkedIn iOS app privacy issues concern people". Mashable.com. June 6, 2012. Retrieved June 8, 2012.
arXiv:1703.06586 [cs.CR
].

^ "LinkedIn Passwords Leaked... Congress Immediately Wants To 'Do Something!'". Techdirt.com. June 7, 2012. Retrieved June 8, 2012.

^ Sasso, Brendan (June 6, 2012). "Lawmakers concerned by report that LinkedIn passwords were stolen". Hillicon Valley. Retrieved July 25, 2012.

^ "Hacker claims to have stolen millions of passwords". The Mercury News. Retrieved June 7, 2012.

PRWeb
. Retrieved April 18, 2013.

^ "LinkedIn sued for $5 million over hacked passwords". The News Tribe.com. June 21, 2012. Retrieved June 23, 2012.

^
IDG News Service
. Retrieved April 3, 2012.

^ "FBI to help LinkedIn". Gadgets.NDTV.com. June 8, 2012. Retrieved June 8, 2012.

^ "LinkedIn gets hacked". Fox10TV.com. Retrieved June 8, 2012.

^ Treshchanin, Dmitry; Shchetko, Nick (October 20, 2016). "Exclusive: Digital Trail Betrays Identity Of Russian 'Hacker' Detained In Prague". RadioFreeEurope/RadioLiberty.

^ "U.S. Charges Russian Hacker With Stealing LinkedIn Data". RadioFreeEurope/RadioLiberty. October 22, 2016.

^ Stone, Jeff (September 29, 2020). "LinkedIn hacker Nikulin sentenced to 7 years in prison after years of legal battles". Archived from the original on September 29, 2020. Retrieved November 23, 2020.

v
t
e
LinkedIn
A subsidiary of Microsoft
People

Reid Hoffman (founder)

Eric Ly

Ryan Roslansky

Kevin Scott

Rashmi Sinha

Jeff Weiner

Lynda Weinman

Subsidiaries

LinkedIn Learning

Software

Helix

Kafka

Samza

Voldemort

Defunct

Bright.com

Connectifier

LinkedIn Pulse

Former

SlideShare

Facilities

222 Second Street

Events

2012 LinkedIn hack

hiQ Labs v. LinkedIn

Timeline of LinkedIn

Related

LinkedIn Top Companies

v
t
e
Hacking in the 2010s
← 2000s
Timeline
2020s →
Major incidents
2010

Operation Aurora (publication of 2009 events)

Australian cyberattacks

Operation Olympic Games

Operation ShadowNet

Operation Payback

2011

Canadian government

DigiNotar

DNSChanger

HBGary Federal

Operation AntiSec

PlayStation network outage

RSA SecurID compromise

2012

LinkedIn hack

Stratfor email leak

Operation High Roller

2013

South Korea cyberattack

Snapchat hack

Cyberterrorism Attack of June 25

2013 Yahoo! data breach

Singapore cyberattacks

2014

Anthem medical data breach

Operation Tovar

2014 celebrity nude photo leak

2014 JPMorgan Chase data breach

2014 Sony Pictures hack

Russian hacker password theft

2014 Yahoo! data breach

2015

Office of Personnel Management data breach

Hacking Team

Ashley Madison data breach

VTech data breach

Ukrainian Power Grid Cyberattack

SWIFT banking hack

2016

Bangladesh Bank robbery

Hollywood Presbyterian Medical Center ransomware incident

Commission on Elections data breach

Democratic National Committee cyber attacks

Vietnam Airport Hacks

DCCC cyber attacks

Indian Bank data breaches

Surkov leaks

Dyn cyberattack

Russian interference in the 2016 U.S. elections

2016 Bitfinex hack

2017

SHAttered

2017 Macron e-mail leaks

WannaCry ransomware attack

Westminster data breach

Petya and NotPetya
2017 Ukraine ransomware attacks

Vault7 data breach

Equifax data breach

Deloitte breach

Disqus breach

2018

Trustico

Atlanta cyberattack

SingHealth data breach

2019

Sri Lanka cyberattack

Baltimore ransomware attack

Bulgarian revenue agency hack

WhatsApp snooping scandal

Jeff Bezos phone hacking incident

Hacktivism

Anonymous
associated events

CyberBerkut

GNAA

Goatse Security

Lizard Squad

LulzRaft

LulzSec

New World Hackers

NullCrew

OurMine

PayPal 14

RedHack

Teamp0ison

TDO

UGNazi

Ukrainian Cyber Alliance

Advanced
persistent threats

Bangladesh Black Hat Hackers

Bureau 121

Charming Kitten

Cozy Bear

Dark Basin

DarkMatter

Elfin Team

Equation Group

Fancy Bear

GOSSIPGIRL (confederation)

Guccifer 2.0

Hacking Team

Helix Kitten

Iranian Cyber Army

Lazarus Group (BlueNorOff) (AndAriel)

NSO Group

Numbered Panda

PLA Unit 61398

PLA Unit 61486

PLATINUM

Pranknet

Red Apollo

Rocket Kitten

Stealth Falcon

Syrian Electronic Army

Tailored Access Operations

The Shadow Brokers

Yemen Cyber Army

Individuals

George Hotz

Guccifer

Jeremy Hammond

Junaid Hussain

Kristoffer von Hassel

Mustafa Al-Bassam

MLT

Ryan Ackroyd

Sabu

Topiary

Track2

The Jester

Major vulnerabilities
publicly disclosed

Evercookie (2010)

iSeeYou (2013)

Heartbleed (2014)

Shellshock (2014)

POODLE (2014)

Rootpipe (2014)

Row hammer (2014)

SS7 vulnerabilities
(2014)

JASBUG (2015)

Stagefright (2015)

DROWN (2016)

Badlock (2016)

Dirty COW (2016)

Cloudbleed (2017)

Broadcom Wi-Fi (2017)

EternalBlue (2017)

DoublePulsar (2017)

Silent Bob is Silent (2017)

KRACK (2017)

ROCA vulnerability (2017)

BlueBorne (2017)

Meltdown (2018)

Spectre (2018)

EFAIL (2018)

Exactis (2018)

Speculative Store Bypass (2018)

Lazy FP state restore (2018)

TLBleed (2018)

SigSpoof (2018)

Foreshadow (2018)

Dragonblood (2019)

Microarchitectural Data Sampling (2019)

BlueKeep (2019)

Kr00k (2019)

Malware
2010

Bad Rabbit

Black Energy 2

SpyEye

Stuxnet

2011

Coreflood

Alureon

Duqu

Kelihos

Metulji botnet

Stars

2012

Carna

Dexter

FBI

Flame

Mahdi

Red October

Shamoon

2013

CryptoLocker

DarkSeoul

2014

Brambul

Black Energy 3

Carbanak

Careto

DarkHotel

Duqu 2.0

FinFisher

Gameover ZeuS

Regin

2015

Dridex

Hidden Tear

Rombertik

TeslaCrypt

2016

Hitler

Jigsaw

KeRanger

Necurs

MEMZ

Mirai

Pegasus

Petya and NotPetya

X-Agent

2017

BrickerBot

Kirk

LogicLocker

Rensenware

Triton

WannaCry

XafeCopy

2018

VPNFilter

2019

Grum

Joanap

NetTraveler

R2D2

Tinba

Titanium

ZeroAccess botnet

Retrieved from "https://en.wikipedia.org/w/index.php?title=2012_LinkedIn_hack&oldid=1219165785"

[officialnotice-1] "An update on the hack". Linkedin. Retrieved June 8, 2012.

[2] "Hackers steal 6.5 million passwords from LinkedIn". Herald Sun. Retrieved June 8, 2012.

[3] "LinkedIn Confirms, Apologizes for Stolen Password Breach". Mashable.com. June 6, 2012. Retrieved June 8, 2012.

[4] "LinkedIn busy to investigate". The Economic Times. June 10, 2012. Retrieved July 20, 2012.

[5] "Update:Linked in confirms it is hacked". Pc world.com. June 6, 2012. Archived from the original on September 14, 2012. Retrieved June 8, 2012.

[2016-more-data-6] "Protecting Our Members". LinkedIn. Retrieved May 25, 2016.

[7] "Hackers leak LinkedIn 700 million data scrape". TheRecord.media. September 22, 2021. Retrieved September 25, 2021.

[8] "LinkedIn suffers data breach-security experts". Reuters. June 6, 2012. Archived from the original on November 6, 2014. Retrieved June 8, 2012.

[9] Kingsley-Hughes, Adrian. "LinkedIn ios app grabs names, emails, notes- from your calendar". Forbes.com. Retrieved June 8, 2012.

[10] "LinkedIn iOS app privacy issues concern people". Mashable.com. June 6, 2012. Retrieved June 8, 2012.

[11] rXiv:1703.06586 [cs.CR
].

[12] "LinkedIn Passwords Leaked... Congress Immediately Wants To 'Do Something!'". Techdirt.com. June 7, 2012. Retrieved June 8, 2012.

[13] Sasso, Brendan (June 6, 2012). "Lawmakers concerned by report that LinkedIn passwords were stolen". Hillicon Valley. Retrieved July 25, 2012.

[14] "Hacker claims to have stolen millions of passwords". The Mercury News. Retrieved June 7, 2012.

[15] PRWeb
. Retrieved April 18, 2013.

[16] "LinkedIn sued for $5 million over hacked passwords". The News Tribe.com. June 21, 2012. Retrieved June 23, 2012.

[PCworld.com-17] 
IDG News Service
. Retrieved April 3, 2012.

[18] "FBI to help LinkedIn". Gadgets.NDTV.com. June 8, 2012. Retrieved June 8, 2012.

[19] "LinkedIn gets hacked". Fox10TV.com. Retrieved June 8, 2012.

[RFERL-20] Treshchanin, Dmitry; Shchetko, Nick (October 20, 2016). "Exclusive: Digital Trail Betrays Identity Of Russian 'Hacker' Detained In Prague". RadioFreeEurope/RadioLiberty.

[21] "U.S. Charges Russian Hacker With Stealing LinkedIn Data". RadioFreeEurope/RadioLiberty. October 22, 2016.

[22] Stone, Jeff (September 29, 2020). "LinkedIn hacker Nikulin sentenced to 7 years in prison after years of legal battles". Archived from the original on September 29, 2020. Retrieved November 23, 2020.

[1]

[2]

[3]

[4]

[5]

[7]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

[20]

[21]