Yevgeniy Nikulin aka Linkedin hacker, a Russian national was found guilty of hacking into LinkedIn, Dropbox, and Formspring and selling their data on the dark web.
On 29 September 2020, a 32-year old hacker from Moscow, Russia, received 88 months or seven years jail time for hacking LinkedIn, Dropbox and Formspring. The hacker accessed these firms’ servers, infected computers to install malware, and stole databases containing details of over 200 million users.
The data breach, dubbed one of the largest in US history, occurred between March and July 2012.
A San Francisco federal court found Nikulin guilty of hacking the servers of LinkedIn, Formspring, and Dropbox around eight years back. He will be spending his sentence in a US prison.
Reportedly, Nikulin used malware to hack the computer network of these firms and remotely downloaded encrypted passwords and their user databases. It is worth noting that the LinkedIn hacker downloaded over 68 million Dropbox accounts and roughly 117 million LinkedIn users.
Moreover, Nikulin collaborated with unnamed, Russian-speaking co-conspirators from a cybercriminal forum to sell the stolen user data. He was also accused of accessing Formspring and LinkedIn employees’ credentials to hack the companies’ computers.
As per the court documents, the defendant targeted WordPress.com’s parent company Automattic, but there is no proof of any data theft.
The accused was arrested on 5 October 2016 from Prague, Czech Republic, through joint efforts by the Interpol and the FBI. He was extradited to the US in Mar 2018.
In 2016, Nikulin was charged with nine felony counts of aggravated identity theft and computer intrusion, causing damage to a protected computer, conspiracy, and trafficking in unauthorized access devices. He faced a six-day jury trial and was convicted in San Francisco. This was the first post-pandemic trial in Northern California.
According to San Francisco U.S. Attorney David Anderson, while sentencing Nikulin, US District Judge William Alsup stated that he wanted to send a strong message to deter hackers, especially those operating outside the US.