Upgrade to Pro — share decks privately, control downloads, hide ads and more …

LinkedIn Data Breach 2012 Case Study

Cecy C.
November 30, 2021
Technology
0
4.9k

LinkedIn Data Breach 2012 Case Study

Case Study presented for Beyond the Code: Cybersecurity in Context, UC Berkeley, MICS Fall 2021

Cecy C.

November 30, 2021
Tweet

More Decks by Cecy C.

See All by Cecy C.
Surviving Code Reviews & Tech Interviews
cecyc
0
86
Vulnerability True: Surviving Brutal Code Reviews and Tech Interviews
cecyc
0
150
The Joy of CSS: RailsConf 2019
cecyc
0
160
RubyConf 2018 Psychology of Fake News
cecyc
0
82
A Retro of Retros: How Sprint Retrospectives Can Be Both Fun and Productive
cecyc
0
140
MONKTOBERFEST 2018: Psychology of Fake News
cecyc
0
80
From Monolith to Microservice: Building APIs with gRPC & golang
cecyc
3
1.7k
Building APIs with GRPC, PHP, and Golang
cecyc
1
540
The Psychology of Fake News (And What Tech Can Do About It)
cecyc
1
58

Other Decks in Technology

See All in Technology
リクルートのエンジニア組織を下支えする 新卒の育成の仕組み
recruitengineers
PRO
1
130
EMConf JP 2025 懇親会LT / EMConf JP 2025 social gathering
sugamasao
2
200
Global Databaseで実現するマルチリージョン自動切替とBlue/Greenデプロイ
j2yano
0
130
Aurora PostgreSQLがCloudWatch Logsに 出力するログの課金を削減してみる #jawsdays2025
non97
1
230
AWSを活用したIoTにおけるセキュリティ対策のご紹介
kwskyk
0
410
ウォンテッドリーのデータパイプラインを支える ETL のための analytics, rds-exporter / analytics, rds-exporter for ETL to support Wantedly's data pipeline
unblee
0
140
1行のコードから社会課題の解決へ: EMの探究、事業・技術・組織を紡ぐ実践知 / EM Conf 2025
9ma3r
12
4.3k
Autonomous Database Serverless 技術詳細 / adb-s_technical_detail_jp
oracle4engineer
PRO
17
45k
JAWS FESTA 2024「バスロケ」GPS×サーバーレスの開発と運用の舞台裏/jawsfesta2024-bus-gps-serverless
ma2shita
3
270
スキルだけでは満たせない、 “組織全体に”なじむオンボーディング/Onboarding that fits “throughout the organization” and cannot be satisfied by skills alone
bitkey
0
190
20250304_赤煉瓦倉庫_DeepSeek_Deep_Dive
hiouchiy
2
110
Snowflake ML モデルを dbt データパイプラインに組み込む​
estie
0
110

Featured

See All Featured
Building Flexible Design Systems
yeseniaperezcruz
328
38k
Automating Front-end Workflow
addyosmani
1368
200k
Designing Experiences People Love
moore
140
23k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.7k
For a Future-Friendly Web
brad_frost
176
9.6k
Adopting Sorbet at Scale
ufuk
74
9.2k
Being A Developer After 40
akosma
89
590k
Typedesign – Prime Four
hannesfritz
40
2.5k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
7k
Building a Scalable Design System with Sketch
lauravandoore
461
33k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
193
16k
Site-Speed That Sticks
csswizardry
4
410

Transcript

  1. Cecy Correa // UC Berkeley MICS 2021 LINKEDIN 2012 DATA

    BREACH CASE STUDY

  2. 1. The Hack How it happened Tracing & attribution 2.

    Impact LinkedIn class action suit United States v. Nikulin 3. Current day Agenda

  3. Using LinkedIn to Hack LinkedIn A little social engineering

  4. 4

  5. 5 (dramatic re-enactment of hacking into a server)

  6. 3 months later... Hack is uncovered on a message forum

  7. 7

  8. Food for Thought A look back at Conficker

  9. Hackers always leave a trace Tracing & Attribution

  10. None

  11. Assessing impact Legal repercussions

  12. 6.5 million accounts

  13. 100+ million accounts

  14. LinkedIn Class Action Lawsuit Lawsuit cites LinkedIn’s inability to: •

    Use strong encryption • Salt their passwords LinkedIn settles for over 1 million USD

  15. 1. Secure configuration of hardware and software 2. Controlled use

    of admin privileges Mitigation & CIS Controls

  16. 1. Secure configuration of hardware and software 2. Controlled use

    of admin privileges Mitigation & CIS Controls

  17. 17

  18. Food for Thought What do you think of the verdict?

  19. Current day Where are they now?

  20. 20

  21. 21

  22. 22

  23. Food for Thought Hack or no hack?

  24. Read more at: cecy.dev Thank you!