LinkedIn Data Breach 2012 Case Study

November 30, 2021

5.2k

LinkedIn Data Breach 2012 Case Study

Case Study presented for Beyond the Code: Cybersecurity in Context, UC Berkeley, MICS Fall 2021

Cecy C.

November 30, 2021

More Decks by Cecy C.

See All by Cecy C.

Surviving Code Reviews & Tech Interviews

0

100

Vulnerability True: Surviving Brutal Code Reviews and Tech Interviews

0

170

The Joy of CSS: RailsConf 2019

0

180

RubyConf 2018 Psychology of Fake News

0

95

A Retro of Retros: How Sprint Retrospectives Can Be Both Fun and Productive

0

180

MONKTOBERFEST 2018: Psychology of Fake News

0

120

From Monolith to Microservice: Building APIs with gRPC & golang

3

1.9k

Building APIs with GRPC, PHP, and Golang

1

600

The Psychology of Fake News (And What Tech Can Do About It)

1

69

Other Decks in Technology

See All in Technology

AWS DevOps Agentはチームメイトになれるのか？/ Can AWS DevOps Agent become a teammate

6

750

Azure Static Web Apps の自動ビルドがタイムアウトしやすくなった状況に対応した件/global-azure2026

0

420

インターネットの技術 / Internet technology

PRO

0

210

みんなの「データ活用」を支えるストレージ担当から持ち込むAWS活用/コミュニティー設計TIPS 10選~「作れる」より、「続けられる」設計へ~

0

250

AI バイブコーティングでキーボード不要？！

0

580

Amazon S3 Filesについて

2

210

AI時代における技術的負債への取り組み

1

1.6k

Pure Intonation on Browser: Building a Sequencer with Ruby

0

130

PicoRuby as a Multi-VM Operating System

1

110

自立を加速させる神器 - EMOasis #11

0

150

コミュニティ・勉強会を作るのは目的じゃない

0

230

EBS暗号化に失敗してEC2が動かなくなった話

2

210

Featured

See All Featured

Designing Powerful Visuals for Engaging Learning

1

350

The Psychology of Web Performance [Beyond Tellerrand 2023]

49

3.4k

Public Speaking Without Barfing On Your Shoes - THAT 2023

1

370

AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference

1

1.2k

Agile that works and the tools we love

331

21k

Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]

11

890

455

43k

SEO for Brand Visibility & Recognition

0

4.5k

How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT

PRO

1

3.5k

The Illustrated Guide to Node.js - THAT Conference 2024

1

340

<Decoding/> the Language of Devs - We Love SEO 2024

1

190

The Pragmatic Product Professional

37

7.2k

Transcript

Cecy Correa // UC Berkeley MICS 2021 LINKEDIN 2012 DATA
BREACH CASE STUDY
1. The Hack How it happened Tracing & attribution 2.
Impact LinkedIn class action suit United States v. Nikulin 3. Current day Agenda
Using LinkedIn to Hack LinkedIn A little social engineering
4
5 (dramatic re-enactment of hacking into a server)
3 months later... Hack is uncovered on a message forum
7
Food for Thought A look back at Conﬁcker
Hackers always leave a trace Tracing & Attribution
None
Assessing impact Legal repercussions
6.5 million accounts
100+ million accounts
LinkedIn Class Action Lawsuit Lawsuit cites LinkedIn’s inability to: •
Use strong encryption • Salt their passwords LinkedIn settles for over 1 million USD
1. Secure conﬁguration of hardware and software 2. Controlled use
of admin privileges Mitigation & CIS Controls
1. Secure conﬁguration of hardware and software 2. Controlled use
of admin privileges Mitigation & CIS Controls
17
Food for Thought What do you think of the verdict?
Current day Where are they now?
20
21
22
Food for Thought Hack or no hack?
Read more at: cecy.dev Thank you!