Upgrade to Pro — share decks privately, control downloads, hide ads and more …

LinkedIn Data Breach 2012 Case Study

Cecy C.
November 30, 2021
Technology
0
4.9k

LinkedIn Data Breach 2012 Case Study

Case Study presented for Beyond the Code: Cybersecurity in Context, UC Berkeley, MICS Fall 2021

Cecy C.

November 30, 2021
Tweet

More Decks by Cecy C.

See All by Cecy C.
Surviving Code Reviews & Tech Interviews
cecyc
0
86
Vulnerability True: Surviving Brutal Code Reviews and Tech Interviews
cecyc
0
150
The Joy of CSS: RailsConf 2019
cecyc
0
160
RubyConf 2018 Psychology of Fake News
cecyc
0
82
A Retro of Retros: How Sprint Retrospectives Can Be Both Fun and Productive
cecyc
0
150
MONKTOBERFEST 2018: Psychology of Fake News
cecyc
0
80
From Monolith to Microservice: Building APIs with gRPC & golang
cecyc
3
1.7k
Building APIs with GRPC, PHP, and Golang
cecyc
1
540
The Psychology of Fake News (And What Tech Can Do About It)
cecyc
1
58

Other Decks in Technology

See All in Technology
LayerXにおけるAI活用事例とその裏側(2025年2月) バクラクの目指す “業務の自動運転” の例 / layerx-ai-deim2025
yuya4
1
540
データモデルYANGの処理系を再発明した話
tjmtrhs
0
310
フォーイット_エンジニア向け会社紹介資料_Forit_Company_Profile.pdf
forit_tech
1
1.7k
Amazon Athenaから利用時のGlueのIcebergテーブルのメンテナンスについて
nayuts
0
110
Global Databaseで実現するマルチリージョン自動切替とBlue/Greenデプロイ
j2yano
0
160
ExaDB-XSで利用されている Exadata Exascaleについて
oracle4engineer
PRO
3
300
開発者体験を定量的に把握する手法と活用事例
ham0215
0
130
IAMのマニアックな話2025
nrinetcom
PRO
6
1.4k
Qiita Organizationを導入したら、アウトプッターが爆増して会社がちょっと有名になった件
minorun365
PRO
1
320
入門 PEAK Threat Hunting @SECCON
odorusatoshi
0
180
いまからでも遅くない!コンテナでWebアプリを動かしてみよう!コンテナハンズオン編
nomu
0
180
RaspberryPi CM4(CM5も)面白いぞ!
nonnoise
0
100

Featured

See All Featured
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
330
21k
Gamification - CAS2011
davidbonilla
80
5.2k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
Agile that works and the tools we love
rasmusluckow
328
21k
Building Your Own Lightsaber
phodgson
104
6.2k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
27
1.6k
Building Applications with DynamoDB
mza
93
6.2k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5.2k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.7k
Designing Experiences People Love
moore
140
23k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
32
2.2k

Transcript

  1. Cecy Correa // UC Berkeley MICS 2021 LINKEDIN 2012 DATA

    BREACH CASE STUDY

  2. 1. The Hack How it happened Tracing & attribution 2.

    Impact LinkedIn class action suit United States v. Nikulin 3. Current day Agenda

  3. Using LinkedIn to Hack LinkedIn A little social engineering

  4. 4

  5. 5 (dramatic re-enactment of hacking into a server)

  6. 3 months later... Hack is uncovered on a message forum

  7. 7

  8. Food for Thought A look back at Conficker

  9. Hackers always leave a trace Tracing & Attribution

  10. None

  11. Assessing impact Legal repercussions

  12. 6.5 million accounts

  13. 100+ million accounts

  14. LinkedIn Class Action Lawsuit Lawsuit cites LinkedIn’s inability to: •

    Use strong encryption • Salt their passwords LinkedIn settles for over 1 million USD

  15. 1. Secure configuration of hardware and software 2. Controlled use

    of admin privileges Mitigation & CIS Controls

  16. 1. Secure configuration of hardware and software 2. Controlled use

    of admin privileges Mitigation & CIS Controls

  17. 17

  18. Food for Thought What do you think of the verdict?

  19. Current day Where are they now?

  20. 20

  21. 21

  22. 22

  23. Food for Thought Hack or no hack?

  24. Read more at: cecy.dev Thank you!