X

Alleged LinkedIn hacker extradited from Czech Republic to US

Yevgeniy Nikulin is charged with aggravated identity theft in the hack that compromised usernames and passwords for more than 100 million accounts.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
See full bio
Laura Hautala
2 min read
The outline of a computer keyboard superimposed over a purple and green circuit board.

Alleged hacker Yevgeniy Nikulin was extradited to the US this week.

 James Martin/CNET

A Russian man accused of orchestrating hacks of LinkedIn, Dropbox and Springform systems in 2012 is now on US soil after being extradited from the Czech Republic to San Francisco.

The US Department of Justice indicted Yevgeniy Nikulin in 2016 with aggravated identity theft and computer intrusion that compromised millions of usernames and passwords. Nikulin traveled to Prague and was arrested in October 2016. Soon after, he was subject to two competing extradition orders. One was from the US, and the other was from Russia.

Nikulin appeared in a San Francisco federal courtroom on Friday. He denies all the charges, according to CNN.

"Computer hacking is not just a crime, it is a direct threat to the security and privacy of Americans," US Attorney General Jeff Sessions said in a statement. "This is deeply troubling behavior once again emanating from Russia."

Watch this: Accused LinkedIn hacker extradited to US

Extraditions of Russians accused of hacking are rare. The Russians accused of hacking Yahoo in 2012 are still at large in Russia, although one person accused of working with them has been extradited from Canada. The US hasn't indicted any of the Russians it says are responsible for the hacks on the Democratic National Committee and other organizations leading up to the 2016 elections in the US. In March, the White House announced sanctions against Russia for the alleged hacking campaign.

LinkedIn, Dropbox and Formspring (now under the brand Twoo) all experienced hacks of millions of their users' account information in 2012. 

"We've been actively monitoring the FBI's case to pursue those responsible for the 2012 breach of LinkedIn member data," LinkedIn said in a statement. "We are glad to see this progress and appreciate the hard work of law enforcement to resolve this investigation."

Dropbox and Formspring didn't immediately respond to requests for comment.

The Russian Embassy in the US didn't immediately respond to a request for comment.

Security:  Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.

Blockchain Decoded:  CNET looks at the tech powering bitcoin -- and soon, too, a myriad of services that will change your life.