A Russian hacker who was found guilty of hacking LinkedIn, Dropbox, and Formspring over eight years ago has finally been sentenced to 88 months in United States prison, that's more than seven years by a federal court in San Francisco this week.
Yevgeniy Aleksandrovich Nikulin, 32, of Moscow hacked into servers belonging to three American social media firms, including LinkedIn, Dropbox, and now-defunct social-networking firm Formspring, and stole data on over 200 million users.
Between March and July 2012, Nikulin hacked into the computers of LinkedIn, Dropbox, and Formspring, and installed malware on them, which allowed him to remotely download user databases of over 117 Million LinkedIn users and more than 68 Million Dropbox users.
According to the prosecutor, Nikulin also worked with unnamed co-conspirators of a Russian-speaking cybercriminal forum to sell customer data he stole as a result of his hacks.
Besides hacking into the three social media firms, Nikulin has also been accused of gaining access to LinkedIn and Formspring employees' credentials, which helped him carry out the computer hacks.
"The Court also found that Automattic, parent company of Wordpress.com, was the victim of an intrusion by defendant, although there was no evidence that defendant stole any customer credentials," the Justice Department said.
Nikulin was arrested in Prague on October 5, 2016, by Interpol agents working in collaboration with the FBI, and extradited to the United States in March 2018 after a long extradition battle between the U.S. and Russia.
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
In 2016, the hacker was charged with nine felony counts of computer intrusion, aggravated identity theft, causing damage to a protected computer, trafficking in unauthorized access devices, and conspiracy.
However, after a long delay of trials due to the coronavirus pandemic, Nikulin was found guilty by a federal jury of the United States in early July this year and was sentenced to 88 months in prison on September 29.
U.S. District Judge William H. Alsup convicted Nikulin of selling stolen usernames and passwords, installing malware on protected computers, conspiracy, computer intrusion, and aggravated identity theft.
Prior to the sentencing hearing on September 29, federal prosecutors sought a sentence of 145 months in prison, that's over 12 years in prison, three years of supervised release, and restitution.
Nikulin has been in U.S. custody since his extradition from the Czech Republic and will be serving his sentence effect immediately.