Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
LinkedIn Data Breach 2012 Case Study
Search
Cecy C.
November 30, 2021
Technology
0
5.1k
LinkedIn Data Breach 2012 Case Study
Case Study presented for Beyond the Code: Cybersecurity in Context, UC Berkeley, MICS Fall 2021
Cecy C.
November 30, 2021
Tweet
Share
More Decks by Cecy C.
See All by Cecy C.
Surviving Code Reviews & Tech Interviews
cecyc
0
96
Vulnerability True: Surviving Brutal Code Reviews and Tech Interviews
cecyc
0
160
The Joy of CSS: RailsConf 2019
cecyc
0
170
RubyConf 2018 Psychology of Fake News
cecyc
0
87
A Retro of Retros: How Sprint Retrospectives Can Be Both Fun and Productive
cecyc
0
160
MONKTOBERFEST 2018: Psychology of Fake News
cecyc
0
100
From Monolith to Microservice: Building APIs with gRPC & golang
cecyc
3
1.8k
Building APIs with GRPC, PHP, and Golang
cecyc
1
580
The Psychology of Fake News (And What Tech Can Do About It)
cecyc
1
61
Other Decks in Technology
See All in Technology
S3 Glacier のデータを Athena からクエリしようとしたらどうなるのか/try-to-query-s3-glacier-from-athena
emiki
0
240
【OptimizationNight】数理最適化のラストワンマイルとしてのUIUX
brainpadpr
2
540
メルカリIBIS:AIが拓く次世代インシデント対応
0gm
2
430
Telemetry APIから学ぶGoogle Cloud ObservabilityとOpenTelemetryの現在 / getting-started-telemetry-api-with-google-cloud
k6s4i53rx
0
160
僕たちが「開発しやすさ」を求め 模索し続けたアーキテクチャ #アーキテクチャ勉強会_findy
bengo4com
0
2.5k
いま、あらためて考えてみるアカウント管理 with IaC / Account management with IaC
kohbis
1
290
MCPサーバーを活用したAWSコスト管理
arie0703
0
110
Amazon Q Developerを活用したアーキテクチャのリファクタリング
k1nakayama
2
220
Engineering Failure-Resilient Systems
infraplumber0
0
130
[OCI Technical Deep Dive] OracleのAI戦略(2025年8月5日開催)
oracle4engineer
PRO
1
230
【新卒研修資料】数理最適化 / Mathematical Optimization
brainpadpr
29
14k
Mackerel in さくらのクラウド
cubicdaiya
1
130
Featured
See All Featured
Testing 201, or: Great Expectations
jmmastey
45
7.6k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
131
19k
Imperfection Machines: The Place of Print at Facebook
scottboms
268
13k
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Documentation Writing (for coders)
carmenintech
73
5k
How to Think Like a Performance Engineer
csswizardry
25
1.8k
Navigating Team Friction
lara
188
15k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
1.3k
Rebuilding a faster, lazier Slack
samanthasiow
83
9.1k
Done Done
chrislema
185
16k
How to Ace a Technical Interview
jacobian
279
23k
Transcript
Cecy Correa // UC Berkeley MICS 2021 LINKEDIN 2012 DATA
BREACH CASE STUDY
1. The Hack How it happened Tracing & attribution 2.
Impact LinkedIn class action suit United States v. Nikulin 3. Current day Agenda
Using LinkedIn to Hack LinkedIn A little social engineering
4
5 (dramatic re-enactment of hacking into a server)
3 months later... Hack is uncovered on a message forum
7
Food for Thought A look back at Conficker
Hackers always leave a trace Tracing & Attribution
None
Assessing impact Legal repercussions
6.5 million accounts
100+ million accounts
LinkedIn Class Action Lawsuit Lawsuit cites LinkedIn’s inability to: •
Use strong encryption • Salt their passwords LinkedIn settles for over 1 million USD
1. Secure configuration of hardware and software 2. Controlled use
of admin privileges Mitigation & CIS Controls
1. Secure configuration of hardware and software 2. Controlled use
of admin privileges Mitigation & CIS Controls
17
Food for Thought What do you think of the verdict?
Current day Where are they now?
20
21
22
Food for Thought Hack or no hack?
Read more at: cecy.dev Thank you!
cecyc
emiki
brainpadpr
0gm
k6s4i53rx
bengo4com
kohbis
arie0703
k1nakayama
infraplumber0
oracle4engineer
cubicdaiya
jmmastey
morganepeng
scottboms
hatefulcrawdad
chriscoyier
carmenintech
csswizardry
lara
garrettdimon
samanthasiow
chrislema
jacobian
