LinkedIn Data Breach 2012 Case Study

November 30, 2021

5.1k

LinkedIn Data Breach 2012 Case Study

Case Study presented for Beyond the Code: Cybersecurity in Context, UC Berkeley, MICS Fall 2021

Cecy C.

November 30, 2021

Tweet

More Decks by Cecy C.

See All by Cecy C.

Surviving Code Reviews & Tech Interviews

0

94

Vulnerability True: Surviving Brutal Code Reviews and Tech Interviews

0

160

The Joy of CSS: RailsConf 2019

0

170

RubyConf 2018 Psychology of Fake News

0

86

A Retro of Retros: How Sprint Retrospectives Can Be Both Fun and Productive

0

150

MONKTOBERFEST 2018: Psychology of Fake News

0

97

From Monolith to Microservice: Building APIs with gRPC & golang

3

1.8k

Building APIs with GRPC, PHP, and Golang

1

570

The Psychology of Fake News (And What Tech Can Do About It)

1

61

Other Decks in Technology

See All in Technology

Amplify Gen2から知るAWS CDK Toolkit Libraryの使い方/How to use the AWS CDK Toolkit Library as known from Amplify Gen2

1

320

VS CodeとGitHub Copilotで爆速開発！アップデートの波に乗るおさらい会 / Rapid Development with VS Code and GitHub Copilot: Catch the Latest Wave

2

410

Contract One Engineering Unit 紹介資料

0

6.8k

名刺メーカーDevグループ紹介資料

0

810

衛星運用をソフトウェアエンジニアに依頼したときにできあがるもの

1

260

伴走から自律へ：形式知へと導くSREイネーブリングによるプロダクトチームの信頼性オーナーシップ向上 / SRE NEXT 2025

visional_engineering_and_design

3

330

Copilot coding agentにベットしたいCTOが開発組織で取り組んだこと / GitHub Copilot coding agent in Team

0

160

LLM拡張解体新書/llm-extension-deep-dive

oracle4engineer

13

2.3k

[SRE NEXT 2025] すみずみまで暖かく照らすあなたの太陽でありたい

2

340

Reach American Airlines®️ Instantly: 19 Calling Methods for Fast Support in the USA

1

180

united airlines ™®️ USA Contact Numbers: Complete 2025 Support Guide

1

470

Introduction to Sansan for Engineers / エンジニア向け会社紹介

5

39k

Featured

See All Featured

The Language of Interfaces

158

25k

Embracing the Ebb and Flow

86

4.8k

VelocityConf: Rendering Performance Case Studies

332

24k

Measuring & Analyzing Core Web Vitals

7

510

For a Future-Friendly Web

179

9.8k

Designing Dashboards & Data Visualisations in Web Apps

231

53k

Music & Morning Musume

46

6.7k

Site-Speed That Sticks

10

700

The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024

26

2.9k

37

3.5k

Cheating the UX When There Is Nothing More to Optimize - PixelPioneers

stephaniewalter

282

13k

Documentation Writing (for coders)

72

4.9k

Transcript

Cecy Correa // UC Berkeley MICS 2021 LINKEDIN 2012 DATA
BREACH CASE STUDY
1. The Hack How it happened Tracing & attribution 2.
Impact LinkedIn class action suit United States v. Nikulin 3. Current day Agenda
Using LinkedIn to Hack LinkedIn A little social engineering
4
5 (dramatic re-enactment of hacking into a server)
3 months later... Hack is uncovered on a message forum
7
Food for Thought A look back at Conﬁcker
Hackers always leave a trace Tracing & Attribution
None
Assessing impact Legal repercussions
6.5 million accounts
100+ million accounts
LinkedIn Class Action Lawsuit Lawsuit cites LinkedIn’s inability to: •
Use strong encryption • Salt their passwords LinkedIn settles for over 1 million USD
1. Secure conﬁguration of hardware and software 2. Controlled use
of admin privileges Mitigation & CIS Controls
1. Secure conﬁguration of hardware and software 2. Controlled use
of admin privileges Mitigation & CIS Controls
17
Food for Thought What do you think of the verdict?
Current day Where are they now?
20
21
22
Food for Thought Hack or no hack?
Read more at: cecy.dev Thank you!