SAN FRANCISCO (CBS SF) — A Russian man convicted of stealing 117 million LinkedIn passwords in 2012 in addition to hacking into two other Bay Area tech companies has been sentenced to more than seven years in prison, authorities confirmed on Wednesday.
United States Attorney David L. Anderson and FBI Special Agent in Charge John L. Bennett announced that 32-year-old Russian national Yevgeniy Alexandrovich Nikulin was sentenced to 88 months in prison for hacking into LinkedIn, Dropbox and the now-defunct social networking company Formspring. The sentence was handed down by U.S. District Judge the Honorable William H. Alsup.
A jury found Nikulin guilty of hacking into computers belonging to LinkedIn, Dropbox and Formspring, as well as damaging computers belonging to LinkedIn and Formspring by installing malware on them, stealing and using login credentials for employees at LinkedIn and Formspring, and selling and conspiring with others to sell customer data stolen as a result of his hacks.
Trial evidence showed that Nikulin was living in Moscow when he committed the crime, hacking into a computer belonging to a Bay Area-based LinkedIn employee and installing malicious software that allowed him to control the computer remotely and to use the employee’s credentials to access LinkedIn’s corporate VPN.
Once he had access to corporate systems, Nikulin stole a database containing LinkedIn users’ login information, including encrypted passwords. Evidence demonstrated that Nikulin committed similar intrusions and thefts of data at Dropbox and at Formspring.
The Court additionally found that Automattic, parent company of WordPress.com, was the victim of an intrusion by defendant, although there was no evidence that defendant stole any customer credentials. The jury came to a guilty verdict after a six-day trial, authorities said.
Nikulin was arrested while traveling in the Czech Republic on October 5, 2016, and extradited to the United States to face trial on March 30, 2018.
When discussing the reasons for imposing the 88-month prison term, Judge Alsup said he hoped the sentence would send a message to deter anyone, including persons living overseas, from engaging in similar crimes.
Nikulin’s trial began in March, but was suspended after just two days due to the COVID-19 pandemic and ensuing closure of the federal courthouse. The trial resumed on July 7, 2020, with the defendant, the attorneys and Judge Alsup wearing masks and the courtroom configured to allow social distancing by all participants.
Witnesses testified from behind a glass panel to allow testimony to be given while maintaining social distancing. The trial was broadcast via Zoom to allow the public to view the proceedings without entering the courthouse. Nikulin has been in U.S. custody since his extradition from the Czech Republic and will begin serving his sentence immediately, according to authorities.
The prosecution of the case was the result of an investigation by the Federal Bureau of Investigation, with agents receiving assistance from authorities in the Czech Republic, the U.S. Secret Service and the U.S. Department of Justice’s Criminal Division, Office of International Affairs.