A San Francisco jury has found Russian national Yevgeniy Nikulin guilty of one of the biggest data breaches in US history. Nikulin has been convicted of hacking LinkedIn and Dropbox back in 2012, which resulted in the theft of 117 million usernames and passwords that he tried to sell to other people on Russian—language forums. He was also found guilty of trafficking Formspring data. The massive breach served as a catalyst for Dropbox to roll out two-factor authentication and an automated feature that checks on suspicious activity.
Nikulin was arrested in the Czech Republic and charged with nine felony counts back in 2016. He has since been incarcerated in various jails. Both the US and Russia submitted extradition requests for him, but the Czech Republic ultimately decided to extradite him to the US in 2018.
According to Cyberscoop, Judge William Alsup questioned the evidence the prosecution provided and expressed doubts that the government could prove its case. Regardless of Alsup’s doubts, Nikulin is now scheduled to be sentenced on September 29th. He’s facing up to 10 years on prison for each count of selling stolen logins and installing malware, as well as five years for each count of hacking and conspiracy. US Attorney David Anderson said in a statement:
“Nikulin’s conviction is a direct threat to would-be hackers, wherever they may be. Computer hacking is not just a crime, it is a direct threat to the security and privacy of Americans. American law enforcement will respond to that threat regardless of where it originates.”