What Happened
On June 5, 2012, LinkedIn suffered a major data breach in which Russian hacker Yevgeniy Nikulin stole hashed passwords. The scope was initially reported as approximately 6.5 million user accounts, but the hack actually compromised data for 117-167 million users, including email addresses and unsalted SHA-1 hashed passwords that were easily cracked using rainbow tables. LinkedIn responded by forcing password resets for affected accounts and later improved security with salting and hashing. In May 2016, additional stolen data from the same breach surfaced for sale on dark web markets like The Real Deal, prompting further resets for pre-2012 accounts left unchanged since the incident. Nikulin, who had stolen employee credentials to access the network, was convicted and sentenced to 88 months in prison, and LinkedIn settled a related class-action lawsuit for $1.25 million.
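
Why the missing salt mattered, as an added example that is not part of the original page and not LinkedIn's code: with bare SHA-1, equal passwords give equal digests across accounts, so a table computed once applies to every record, while a per-user salt with a slow KDF removes that shortcut. The account names, passwords, function names and the PBKDF2 iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 600_000  # assumption: work factor picked for this example


def unsalted_sha1(password: str) -> str:
    """Scheme the page describes for the 2012 data: bare SHA-1, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def shared_digests(records):
    """Audit check: group accounts by stored digest.

    Any group with more than one account shows there is no per-user salt,
    which is the property that makes precomputed tables effective.
    """
    groups = defaultdict(list)
    for user, digest in records:
        groups[digest].append(user)
    return {d: sorted(users) for d, users in groups.items() if len(users) > 1}


def salted_hash(password: str, salt: bytes = None, iterations: int = PBKDF2_ITERATIONS):
    """Hardened form: random 16-byte salt per account plus PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, key


def verify(password: str, salt: bytes, iterations: int, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(key, expected)


# Constructed sample accounts; alice and bob reuse the same password.
SAMPLE = [("alice", "correct horse"), ("bob", "correct horse"), ("carol", "tr0ub4dor")]

if __name__ == "__main__":
    weak = [(user, unsalted_sha1(pw)) for user, pw in SAMPLE]
    strong = [(user, salted_hash(pw)[2].hex()) for user, pw in SAMPLE]
    print("unsalted SHA-1, accounts sharing a digest:", shared_digests(weak))
    print("salted PBKDF2, accounts sharing a digest:", shared_digests(strong))
```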



