A grand jury has issued a criminal indictment against Yevgeniy Aleksandrovich Nikulin, a 29-year-old Russian accused of hacking LinkedIn, Dropbox and a third web service.
The indictment, filed Thursday, was made public Friday night by the U.S. Department of Justice.
The federal government has now confirmed Nikulin was the Russian citizen arrested in Prague on Wednesday by Czech police.
He was wanted by the FBI in connection with the theft of 117 million LinkedIn passwords and login credentials.
LinkedIn had initially claimed that 6.5 million passwords were stolen in the 2012 attack. But in May, the company revealed the theft was actually 117 million.
Nikulin managed to break into the company’s computers in March 2012 because he stole the username and password of a LinkedIn employee who worked at the company’s Mountain View, California, headquarters, according to the indictment.
A few months later, he hacked into Dropbox and “obtained information,” according to court papers.
That summer he also allegedly broke into what was, at the time, a relatively unknown chatting social media site, Formspring. That time he also targeted a company employee, stealing the employee’s username and password.
This is a typical hacker tactic because it allows them to pose as an official employee and access a computer network.
He repeatedly “conspired to… traffic in… user names, email addresses and passwords,” according to the indictment.
In court papers, federal agents aren’t clear about what exactly Nikulin stole — or how he planned to profit from their sale online. But the government claims Nikulin worked with at least two others in the attempt to make the business deals.
He faces nine separate counts of crimes ranging from computer intrusion to aggravated identity theft — as well as trafficking in unauthorized access devices.
