LinkedIn Hacking Suspect Also Implicated in 2012 Dropbox Breach

The DOJ unseals its indictment against Yevgeniy Nikulin, alleging that the 2012 breaches of LinkedIn and Dropbox were related.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

LinkedIn, Dropbox hacks

The U.S. Department of Justice revealed late Oct. 21 that the individual first apprehended by Czech police on Oct. 5 in connection with the 2012 breach of LinkedIn is actually allegedly responsible for two of the largest breaches of that year.

When Czech police first publicly disclosed that they had apprehended an individual in connection with the LinkedIn breach, few details were made public and even the name of the arrested individual was withheld. That changed on Oct. 21, with the DOJ publicly unsealing an indictment against 29-year-old Yevgeniy Nikulin.

According to the indictment, not only did Nikulin breach LinkedIn, but he also breached Dropbox, as well as Formspring, in 2012. The indictment also states Nikulin had two co-conspirators, though neither is formally named by the DOJ.

"In all, Nikulin is charged with three counts of computer intrusion; two counts of intentional transmission of information, code, or command causing damage to a protected computer; two counts of aggravated identity theft; one count of trafficking in unauthorized access devices; and one count of conspiracy," the DOJ stated in a release.

The unsealed indictment also provides new insight into the 2012 attacks. Nikulin's attacks were spread across several months in 2012, with LinkedIn attacked in March, Dropbox between May and July, and Formspring in June, the indictment states.

Full details on how Nikulin allegedly breached all three sites are not formally disclosed in the unsealed indictment, though it does indicate that Nikulin gained unauthorized access to a LinkedIn employee's credentials.

"Nikulin knowingly transmitted a program, information, code and command to a computer belonging to LinkedIn employee N.B. and thereby caused damage without authorization," the indictment alleges.

The Dropbox and LinkedIn breaches had not previously been officially connected as the actions of the same attacker. The Dropbox 2012 breach resurfaced in August 2016, as a listing of stolen usernames and passwords was put up for sale. In total, 68 million passwords were breached in the Dropbox 2012 attack. The 2012 LinkedIn breach also became news again in 2016 as that site's breached usernames and passwords were offered for sale in May. The LinkedIn breach resulted in 100 million usernames and passwords being at risk.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.