LinkedIn Data Breach (2012, Discovered 2016)
LinkedIn's 2012 breach exposed 117 million user credentials through SQL injection and poor password storage. Initially, LinkedIn reported only 6.5 million accounts affected, but in 2016, the full scope emerged when the complete database appeared for sale on the dark web.
Technical failures included:
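```python
# LinkedIn's flawed approach (reconstructed)
import hashlib

username, password = "alice", "example-password"  # sample inputs (constructed)

# Vulnerable query construction: input is concatenated into the SQL text
query = "SELECT * FROM users WHERE username = '" + username + "'"

# Weak password hashing (SHA-1 without salt): identical passwords give identical hashes
password_hash = hashlib.sha1(password.encode()).hexdigest()
# Easily crackable with modern hardware
```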
Lessons learned:
- Disclosure Transparency: Initial underreporting damaged trust
- Password Security: SHA-1 without salt was inadequate even in 2012
- Long-Term Impact: Stolen data remains valuable years later
- Cross-Platform Risk: Many users reused LinkedIn passwords elsewhere
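
A hardened counterpart to the reconstructed snippet above, as an added example that is not LinkedIn's code or part of the original page: the lookup binds the username as a parameter, and passwords are stored with a per-user random salt and a slow key-derivation function. The table layout, function names, sample users and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware


def hash_password(password, salt=None):
    """Return (salt, digest): per-user random salt plus a slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)


def make_db():
    """In-memory table holding two constructed users with the same password."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    for name in ("alice", "bob"):
        salt, digest = hash_password("example-password")
        db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, digest))
    return db


def find_user(db, username):
    """Parameterized lookup: the value is bound as data, never parsed as SQL."""
    sql = "SELECT username, salt, pw FROM users WHERE username = ?"
    return db.execute(sql, (username,)).fetchone()


def login(db, username, password):
    """True only when the user exists and the password verifies."""
    row = find_user(db, username)
    return row is not None and verify_password(password, row[1], row[2])


if __name__ == "__main__":
    db = make_db()
    print(login(db, "alice", "example-password"))   # correct password
    print(find_user(db, "alice' OR '1'='1"))        # quote characters stay data
    a, b = find_user(db, "alice"), find_user(db, "bob")
    print(a[2] != b[2])                             # same password, different digests
```

Because each row carries its own salt, two users with the same password get different stored digests, so one cracked hash does not reveal every account that shares it.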