Big Surprise – Russian indicted over LinkedIn and Dropbox mega-breaches

A Russian citizen has been arrested in the Czech Republic and indicted in connection with massive breaches: the 2012 attack on LinkedIn and the subsequent attack on Dropbox.

The man, 29-year-old Yevgeniy Nikulin, from Moscow, also allegedly targeted Formspring, a social networking service now known as that’s a portal for the dating service Twoo.

According to the indictment, unsealed on Friday, Nikulin allegedly targeted a LinkedIn employee with malware so as to steal his access credentials.

The 2012 LinkedIn leak meant that millions of passwords for the professional networking site were dumped online.

That’s bad enough, but then came the news that 60% of the enormous trove of credentials had been cracked within hours.

It got worse from there. At the time of the breach, “only” 6.5 million encrypted (but not salted!) passwords had been posted online. However, we learned in May that in fact  117 million LinkedIn account emails and passwords up for sale.

After Nikulin and unnamed co-conspirators had allegedly turned LinkedIn upside down, it was Dropbox’s turn.

Two months ago, Dropbox forced password resets after stumbling across some 68 million sets of user credentials posted online that it believed were stolen in a 2012 breach.