Upgrade to Pro — share decks privately, control downloads, hide ads and more …

LinkedIn Data Breach 2012 Case Study

Cecy C.
November 30, 2021
Technology
0
4.8k

LinkedIn Data Breach 2012 Case Study

Case Study presented for Beyond the Code: Cybersecurity in Context, UC Berkeley, MICS Fall 2021

Cecy C.

November 30, 2021
Tweet

More Decks by Cecy C.

See All by Cecy C.
Surviving Code Reviews & Tech Interviews
cecyc
0
84
Vulnerability True: Surviving Brutal Code Reviews and Tech Interviews
cecyc
0
150
The Joy of CSS: RailsConf 2019
cecyc
0
160
RubyConf 2018 Psychology of Fake News
cecyc
0
79
A Retro of Retros: How Sprint Retrospectives Can Be Both Fun and Productive
cecyc
0
140
MONKTOBERFEST 2018: Psychology of Fake News
cecyc
0
74
From Monolith to Microservice: Building APIs with gRPC & golang
cecyc
3
1.7k
Building APIs with GRPC, PHP, and Golang
cecyc
1
520
The Psychology of Fake News (And What Tech Can Do About It)
cecyc
1
57

Other Decks in Technology

See All in Technology
日本語プログラミングとSpring Bootアプリケーション開発 #kanjava
yusuke
2
350
バクラクの組織とアーキテクチャ(要約)2025/01版
shkomine
13
3k
FastConnect の冗長性
ocise
1
9.3k
[JAWS-UG栃木]地方だからできたクラウドネイティブ事例大公開! / jawsug_tochigi_tachibana
biatunky
0
130
プロダクト価値を引き上げる、「課題の再定義」という習慣
moeka__c
0
210
カスタムインストラクションでGitHub Copilotをカスタマイズ!
07jp27
7
880
攻撃者の視点で社内リソースはどう見えるのかを ASMで実現する
hikaruegashira
4
2.1k
20250129 Findy_テスト高活用化
dshirae
0
230
ソフトウェアアーキテクトのための意思決定術: Software Architecture and Decision-Making
snoozer05
PRO
17
4.1k
“自分”を大切に、フラットに。キャリアチェンジしてからの一年 三ヶ月で見えたもの。
maimyyym
0
300
GitLab SelfManagedをCodePipelineのソースに設定する/SetGitLabSelfManagedtoCodePipeline
norihiroishiyama
1
120
Platform EngineeringがあればSREはいらない!? 新時代のSREに求められる役割とは
mshibuya
2
4.1k

Featured

See All Featured
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.3k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
27
1.5k
GitHub's CSS Performance
jonrohan
1030
460k
Into the Great Unknown - MozCon
thekraken
34
1.6k
The Cult of Friendly URLs
andyhume
78
6.2k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
6
520
Statistics for Hackers
jakevdp
797
220k
How STYLIGHT went responsive
nonsquared
96
5.3k
Designing for humans not robots
tammielis
250
25k
A Modern Web Designer's Workflow
chriscoyier
693
190k
RailsConf 2023
tenderlove
29
980
Gamification - CAS2011
davidbonilla
80
5.1k

Transcript

  1. Cecy Correa // UC Berkeley MICS 2021 LINKEDIN 2012 DATA

    BREACH CASE STUDY

  2. 1. The Hack How it happened Tracing & attribution 2.

    Impact LinkedIn class action suit United States v. Nikulin 3. Current day Agenda

  3. Using LinkedIn to Hack LinkedIn A little social engineering

  4. 4

  5. 5 (dramatic re-enactment of hacking into a server)

  6. 3 months later... Hack is uncovered on a message forum

  7. 7

  8. Food for Thought A look back at Conficker

  9. Hackers always leave a trace Tracing & Attribution

  10. None

  11. Assessing impact Legal repercussions

  12. 6.5 million accounts

  13. 100+ million accounts

  14. LinkedIn Class Action Lawsuit Lawsuit cites LinkedIn’s inability to: •

    Use strong encryption • Salt their passwords LinkedIn settles for over 1 million USD

  15. 1. Secure configuration of hardware and software 2. Controlled use

    of admin privileges Mitigation & CIS Controls

  16. 1. Secure configuration of hardware and software 2. Controlled use

    of admin privileges Mitigation & CIS Controls

  17. 17

  18. Food for Thought What do you think of the verdict?

  19. Current day Where are they now?

  20. 20

  21. 21

  22. 22

  23. Food for Thought Hack or no hack?

  24. Read more at: cecy.dev Thank you!