The long arm of U.S. justice may well have finally caught up with one of the individuals behind the 2012 breach of social networking site LinkedIn. Czech police (Policie Ceske Republiky) announced on Oct. 18 that with the help of an international Interpol Red Notice alert, they apprehended an unnamed man who was wanted by the FBI.
Interpol defines a Red Notice as a request “to seek the location and arrest of wanted persons with a view to extradition or similar lawful action.”
According to the Czech police statement, the suspect was arrested in a hotel near the center of Prague. The police account noted that the suspect was surprised by police and offered no physical resistance. After the arrest, the suspect collapsed and the police rendered first aid.
The Czech police statement noted that alleged hacker’s extradition to the United States will now be decided by judicial authorities. LinkedIn for its part is appreciative of law enforcement’s actions.
“Following the 2012 breach of LinkedIn member information, we have remained actively involved with the FBI’s case to pursue those responsible,” LinkedIn said in a statement sent to eWEEK. “We are thankful for the hard work and dedication of the FBI in its efforts to locate and capture the parties believed to be responsible for this criminal activity.”
In June 2012, LinkedIn first publicly admitted that it was the victim of a data breach. At the time, LinkedIn claimed that 6.5 million user accounts were stolen by attackers.
In May 2016, it was revealed that the 2012 estimate of the data breach impact was inaccurate. On May 18, Cory Scott, director of information security at LinkedIn, revealed that approximately 100 million LinkedIn users were at risk from the 2012 breach.
The increased user exposure from the data breach was brought to light by way of an attacker who was attempting to sell the LinkedIn data online. In May, LinkedIn publicly stated that it was taking steps to protect users.
“We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords,” Scott stated at the time.
While LinkedIn invalidated the passwords of those impacted by the breach, it’s unclear how much collateral damage the breach may have caused. It is common for many users to reuse the same password on many sites, and as such the leaked LinkedIn passwords could well have also been used to enable attacks on other sites and online services.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.