Big Surprise – Russian indicted over LinkedIn and Dropbox mega-breaches
A Russian citizen has been arrested in the Czech Republic and indicted in connection with massive breaches: the 2012 attack on LinkedIn and the subsequent attack on Dropbox.
The man, 29-year-old Yevgeniy Nikulin, from Moscow, also allegedly targeted Formspring, a social networking service now known as Spring.me that’s a portal for the dating service Twoo.
According to the indictment, unsealed on Friday, Nikulin allegedly targeted a LinkedIn employee with malware so as to steal his access credentials.
The 2012 LinkedIn leak meant that millions of passwords for the professional networking site were dumped online.
That’s bad enough, but then came the news that 60% of the enormous trove of credentials had been cracked within hours.
It got worse from there. At the time of the breach, “only” 6.5 million encrypted (but not salted!) passwords had been posted online. However, we learned in May that in fact 117 million LinkedIn account emails and passwords up for sale.
After Nikulin and unnamed co-conspirators had allegedly turned LinkedIn upside down, it was Dropbox’s turn.