DOJ Indicts Alleged Hacker Over 2012 LinkedIn, Dropbox Breaches | eWeek

LinkedIn Hacking Suspect Also Implicated in 2012 Dropbox Breach

LinkedIn Hacking Suspect Also Implicated in 2012 Dropbox Breach
Oct 24, 2016
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

The U.S. Department of Justice revealed late Oct. 21 that the individual first apprehended by Czech police on Oct. 5 in connection with the 2012 breach of LinkedIn is actually allegedly responsible for two of the largest breaches of that year.

When Czech police first publicly disclosed that they had apprehended an individual in connection with the LinkedIn breach, few details were made public and even the name of the arrested individual was withheld. That changed on Oct. 21, with the DOJ publicly unsealing an indictment against 29-year-old Yevgeniy Nikulin.

According to the indictment, not only did Nikulin breach LinkedIn, but he also breached Dropbox, as well as Formspring, in 2012. The indictment also states Nikulin had two co-conspirators, though neither is formally named by the DOJ.

“In all, Nikulin is charged with three counts of computer intrusion; two counts of intentional transmission of information, code, or command causing damage to a protected computer; two counts of aggravated identity theft; one count of trafficking in unauthorized access devices; and one count of conspiracy,” the DOJ stated in a release.

The unsealed indictment also provides new insight into the 2012 attacks. Nikulin’s attacks were spread across several months in 2012, with LinkedIn attacked in March, Dropbox between May and July, and Formspring in June, the indictment states.

Full details on how Nikulin allegedly breached all three sites are not formally disclosed in the unsealed indictment, though it does indicate that Nikulin gained unauthorized access to a LinkedIn employee’s credentials.

“Nikulin knowingly transmitted a program, information, code and command to a computer belonging to LinkedIn employee N.B. and thereby caused damage without authorization,” the indictment alleges.

The Dropbox and LinkedIn breaches had not previously been officially connected as the actions of the same attacker. The Dropbox 2012 breach resurfaced in August 2016, as a listing of stolen usernames and passwords was put up for sale. In total, 68 million passwords were breached in the Dropbox 2012 attack. The 2012 LinkedIn breach also became news again in 2016 as that site’s breached usernames and passwords were offered for sale in May. The LinkedIn breach resulted in 100 million usernames and passwords being at risk.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.