LinkedIn Data Breach 2012 Case Study

Case Study presented for Beyond the Code: Cybersecurity in Context, UC Berkeley, MICS Fall 2021

Cecy C.

November 30, 2021

Tweet

More Decks by Cecy C.

See All by Cecy C.

Surviving Code Reviews & Tech Interviews

0

100

Vulnerability True: Surviving Brutal Code Reviews and Tech Interviews

0

170

The Joy of CSS: RailsConf 2019

0

180

RubyConf 2018 Psychology of Fake News

0

94

A Retro of Retros: How Sprint Retrospectives Can Be Both Fun and Productive

0

180

MONKTOBERFEST 2018: Psychology of Fake News

0

120

From Monolith to Microservice: Building APIs with gRPC & golang

3

1.9k

Building APIs with GRPC, PHP, and Golang

1

600

The Psychology of Fake News (And What Tech Can Do About It)

1

67

Other Decks in Technology

See All in Technology

スケールアップ企業でQA組織が機能し続けるための組織設計と仕組み〜ボトムアップとトップダウンを両輪としたアプローチ〜 

0

230

_Architecture_Modernization_から学ぶ現状理解から設計への道のり.pdf

2

740

スピンアウト講座06_認証系（API-OAuth-MCP）入門

0

1.1k

SSoT（Single Source of Truth）で「壊して再生」する設計

2

320

君はジョシュアツリーを知っているか？名前をつけて事象を正しく認識しよう / Do you know Joshua Tree?

4

120

Phase04_ターミナル基礎

0

2.2k

プログラミング不要！テスト自動化における生成AI使いこなし術

1

110

Bill One 開発エンジニア紹介資料

PRO

5

18k

スピンアウト講座01_GitHub管理

0

1.3k

Escape from Excel方眼紙～マークダウンで繋ぐ、人とAIの架け橋～ /nikkei-tech-talk44

nikkei_engineer_recruiting

0

200

データマネジメント戦略Night - 4社のリアルを語る会

1

220

Phase02_AI座学_応用

0

2.7k

Featured

See All Featured

Bridging the Design Gap: How Collaborative Modelling removes blockers to flow between stakeholders and teams @FastFlow conf

0

490

Noah Learner - AI + Me: how we built a GSC Bulk Export data pipeline

PRO

0

150

How to make the Groovebox

2

2k

sira's awesome portfolio website redesign presentation

0

200

Making the Leap to Tech Lead

135

9.8k

How to Grow Your eCommerce with AI & Automation

PRO

1

150

Cheating the UX When There Is Nothing More to Optimize - PixelPioneers

stephaniewalter

287

14k

Fashionably flexible responsive web design (full day workshop)

408

66k

Digital Projects Gone Horribly Wrong (And the UX Pros Who Still Save the Day) - Dean Schuster

0

820

Claude Code のすすめ

67

220k

Fight the Zombie Pattern Library - RWD Summit 2016

234

17k

Chasing Engaging Ingredients in Design

0

150

Transcript

Cecy Correa // UC Berkeley MICS 2021 LINKEDIN 2012 DATA
BREACH CASE STUDY
1. The Hack How it happened Tracing & attribution 2.
Impact LinkedIn class action suit United States v. Nikulin 3. Current day Agenda
Using LinkedIn to Hack LinkedIn A little social engineering
4
5 (dramatic re-enactment of hacking into a server)
3 months later... Hack is uncovered on a message forum
7
Food for Thought A look back at Conﬁcker
Hackers always leave a trace Tracing & Attribution
None
Assessing impact Legal repercussions
6.5 million accounts
100+ million accounts
LinkedIn Class Action Lawsuit Lawsuit cites LinkedIn’s inability to: •
Use strong encryption • Salt their passwords LinkedIn settles for over 1 million USD
1. Secure conﬁguration of hardware and software 2. Controlled use
of admin privileges Mitigation & CIS Controls
1. Secure conﬁguration of hardware and software 2. Controlled use
of admin privileges Mitigation & CIS Controls
17
Food for Thought What do you think of the verdict?
Current day Where are they now?
20
21
22
Food for Thought Hack or no hack?
Read more at: cecy.dev Thank you!