Russian national Yevgeniy Aleksandrovich Nikulin was sentenced to 88 months in prison in the United States for hacking LinkedIn, Dropbox, and Formspring in 2012.
Nikulin first breached LinkedIn between March 3 and March 4, 2012, after infecting an employee’s laptop with malware first and then using the employee’s VPN to access LinkedIn’s internal network.
He stole around 117 million user records which includes usernames, passwords and emails. The stolen data from Linkedin were used to launch spear-phishing attacks against employees at other companies, including Dropbox.
Nikulin breached Dropbox between May 14, 2012 and July 25, 2012, and gathered data of around 68 million Dropbox users containing usernames, emails and hashed passwords.
Moreover, he also breached the now-defunct social networking company Formspring between June 13, 2012, and June 29, 2012 when he hacked into one of its employee’s account and used it to access the company network. He stole 30 million user details from the company database.
All the stolen data were available for sale on the cybercrime underground between 2015 and 2016. Nikulin was arrested in Prague in October 2016 in an international joint operation with the FBI.
While in prison he refused to cooperate with the authorities or to plead guilty. He was found guilty by a United States jury in early July.
Nikulin’s lawyers argued that the hacker had already been in custody for a total of 48 months. He was sentenced to 88 months in prison, of which he will serve 74 months, minus the time already served. So, it’s just a little over two years before he will be released.
Nikulin was also sentenced to three years of supervised release and the judge ordered to pay restitution of $1 million to LinkedIn, $514,000 to Dropbox, $20,000 to Formspring, and $250,000 to WordPress parent company Automattic.
Image Credits : InCare Technologies