LinkedIn Data Breach 2012 Case Study
Cecy C.
November 30, 2021
Case Study presented for Beyond the Code: Cybersecurity in Context, UC Berkeley, MICS Fall 2021
Transcript
LINKEDIN 2012 DATA BREACH CASE STUDY
Cecy Correa // UC Berkeley MICS 2021
Agenda
1. The Hack
• How it happened
• Tracing & attribution
2. Impact
• LinkedIn class action suit
• United States v. Nikulin
3. Current day
Using LinkedIn to Hack LinkedIn A little social engineering
(dramatic re-enactment of hacking into a server)
3 months later... Hack is uncovered on a message forum
Food for Thought A look back at Conficker
Hackers always leave a trace Tracing & Attribution
Assessing impact Legal repercussions
6.5 million accounts
100+ million accounts
LinkedIn Class Action Lawsuit
Lawsuit cites LinkedIn’s inability to:
• Use strong encryption
• Salt their passwords
LinkedIn settles for over 1 million USD
Mitigation & CIS Controls
1. Secure configuration of hardware and software
2. Controlled use of admin privileges
Food for Thought What do you think of the verdict?
Current day Where are they now?
Food for Thought Hack or no hack?
Read more at: cecy.dev Thank you!