A jury in San Francisco convicted Russian citizen Yevgeny Nikulin after a series of hacks and cyberthefts eight years ago that targeted major U.S. social-media companies such as LinkedIn and Dropbox.
The District Court for the Northern District of California on Friday said Nikulin would be sentenced September 29.
Nikulin, 32, faces up to 10 years in prison for each count of selling stolen usernames and passwords, installing malware on protected computers, as well as up to five years for each count of conspiracy and computer hacking.
According to U.S. prosecutors, Nikulin in 2012 stole the usernames and passwords of tens of millions of social media users to access their accounts. Some of that data was put up for sale on a Russian hacker forum.
Nikulin, who last year was examined by court-ordered psychologists amid concerns about his mental health, had pleaded not guilty to the charges.
His lawyer, Arkady Bukh, vowed to appeal the verdict, which he called a "huge injustice."
Nikulin was detained in the Czech Republic in October 2016 and extradited to the U.S. 17 months later.
The move angered Moscow, which had asked Czech authorities to extradite Nikulin to his home country, citing him as a suspect in a $2,000 online theft in 2009.
Nikulin's trial started in California in early March but was interrupted by the coronavirus pandemic a week later, when nearly all in-person court hearings were postponed across the United States.