Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
LinkedIn Data Breach 2012 Case Study
Search
Cecy C.
November 30, 2021
Technology
0
5.1k
LinkedIn Data Breach 2012 Case Study
Case Study presented for Beyond the Code: Cybersecurity in Context, UC Berkeley, MICS Fall 2021
Cecy C.
November 30, 2021
Tweet
Share
More Decks by Cecy C.
See All by Cecy C.
Surviving Code Reviews & Tech Interviews
cecyc
0
96
Vulnerability True: Surviving Brutal Code Reviews and Tech Interviews
cecyc
0
160
The Joy of CSS: RailsConf 2019
cecyc
0
170
RubyConf 2018 Psychology of Fake News
cecyc
0
87
A Retro of Retros: How Sprint Retrospectives Can Be Both Fun and Productive
cecyc
0
160
MONKTOBERFEST 2018: Psychology of Fake News
cecyc
0
100
From Monolith to Microservice: Building APIs with gRPC & golang
cecyc
3
1.8k
Building APIs with GRPC, PHP, and Golang
cecyc
1
580
The Psychology of Fake News (And What Tech Can Do About It)
cecyc
1
61
Other Decks in Technology
See All in Technology
フィンテック養成勉強会#56
finengine
0
140
Autonomous Database - Dedicated 技術詳細 / adb-d_technical_detail_jp
oracle4engineer
PRO
4
10k
研究開発と製品開発、両利きのロボティクス
youtalk
1
510
フルカイテン株式会社 エンジニア向け採用資料
fullkaiten
0
8.7k
MCPで変わる Amebaデザインシステム「Spindle」の開発
spindle
PRO
3
3.2k
AI開発ツールCreateがAnythingになったよ
tendasato
0
120
ZOZOマッチのアーキテクチャと技術構成
zozotech
PRO
3
1.5k
なぜテストマネージャの視点が 必要なのか? 〜 一歩先へ進むために 〜
moritamasami
0
210
Codeful Serverless / 一人運用でもやり抜く力
_kensh
7
370
Django's GeneratedField by example - DjangoCon US 2025
pauloxnet
0
120
Obsidian応用活用術
onikun94
1
460
DevIO2025_継続的なサービス開発のための技術的意思決定のポイント / how-to-tech-decision-makaing-devio2025
nologyance
1
370
Featured
See All Featured
It's Worth the Effort
3n
187
28k
How STYLIGHT went responsive
nonsquared
100
5.8k
The Cost Of JavaScript in 2023
addyosmani
53
8.9k
Optimising Largest Contentful Paint
csswizardry
37
3.4k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
Done Done
chrislema
185
16k
Bash Introduction
62gerente
615
210k
Music & Morning Musume
bryan
46
6.8k
Producing Creativity
orderedlist
PRO
347
40k
RailsConf 2023
tenderlove
30
1.2k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
3.1k
Transcript
Cecy Correa // UC Berkeley MICS 2021 LINKEDIN 2012 DATA
BREACH CASE STUDY
1. The Hack How it happened Tracing & attribution 2.
Impact LinkedIn class action suit United States v. Nikulin 3. Current day Agenda
Using LinkedIn to Hack LinkedIn A little social engineering
4
5 (dramatic re-enactment of hacking into a server)
3 months later... Hack is uncovered on a message forum
7
Food for Thought A look back at Conficker
Hackers always leave a trace Tracing & Attribution
None
Assessing impact Legal repercussions
6.5 million accounts
100+ million accounts
LinkedIn Class Action Lawsuit Lawsuit cites LinkedIn’s inability to: •
Use strong encryption • Salt their passwords LinkedIn settles for over 1 million USD
1. Secure configuration of hardware and software 2. Controlled use
of admin privileges Mitigation & CIS Controls
1. Secure configuration of hardware and software 2. Controlled use
of admin privileges Mitigation & CIS Controls
17
Food for Thought What do you think of the verdict?
Current day Where are they now?
20
21
22
Food for Thought Hack or no hack?
Read more at: cecy.dev Thank you!