Back in 2013, Yahoo was hacked and over one billion users account information was stolen and put up for sale on the dark web. The offer stands as $200,000 or best offers. Even though the passwords are available, the dates of birth, telephone numbers and even security questions could be extremely useful if put in the wrong hands.
The Feds alerted Yahoo of the hack after seeing the information for sale on the cyber underground. Their investigation afterward led to the indictment of four men who they believed responsible. Yet even after the prosecutors unsealed indictments against the four men, the one billion user information still seems to be up for sale.
While these four men aren’t responsible for the 2013 hack, which earned the title of being the largest known breach of any company’s private security, they are, however, responsible for the second largest hack which took place just a year later.
Yet the Feds seem to be keeping the details of both investigations secret. Malcolm Palmore is in charge of the cyber security division in the Federal Bureau of Investigation and commented, “We’re not willing to comment right now if there is a connection between the two investigations.”
Although both events were done at separate times, they both tend to have one thing in common. The culprits allegedly responsible were Russian hackers. This is from cyber security experts who have been studying the attacks. The experts have deduced that both Yahoo attacks were connected to the Russian government and part of the data was used to send spam to Yahoo users.
One of the two men who were indicted for the 2014 Yahoo hacking, Alexsey Belan, is known as a tech expert who worked for two Russian intelligence officers. Belan also has a pretty long list of cyber crimes to add to his record. Yet his recent indictment, along with his three cohorts, failed to release how the gang managed to get access to Yahoo systems. It’s safe to say, however, that they aren’t novice hackers.
In fact, he was indicted back in 2012 for three felony charges that included hacking Zappos which is an online shoe store owned by Amazon. His hack of Zappos robbed nearly 24 million customers of their information. It was a year later that Balen hacked Evernote and Scribd used as digital storage services by millions of consumers. He was arrested in Greece but managed to post bail and flee to Russia.
Yet cyber security experts say that Yahoo incident back 2013 was conducted by different individuals. Those at InfoArmor, which is a cyber security firm located in Arizona, say that the hack could be attributed to a group named Group E. Reportedly Group E sold the whole database about three times. One of those times, InfoArmor believes, was in connection to the Russian government.
The two Russian intelligence agents that were indicted in connection with the 2014 Yahoo breach were accused of working with Belan and another hacker to hold their own spying operation. Yet the Russian government has since denied the allegations or involvement with the Yahoo hackings.
The F.B.I. did say that the entire hack on Yahoo’s systems started with a phishing attack. One of Yahoo’s employees was deceived into releasing info that opened the door for the entire scheme. The breach was recognized in 2014 but Yahoo security didn’t realize how severe the entire situation had become.
After telling the public about the breach in security, the company then prompted its users to change their passwords. It was not long afterward that all one billion accounts were posted for sale on the darkest part of the internet where all types of cyber criminals lurk. The sellers of the information even say that they retain continued access to Yahoo information. This was proved false when a cyber security agent posed as prospective buyer seeking proof of access and the thieves couldn’t produce any new account information.
Both hacks on Yahoo had a major impact on the deal the company was making with Verizon Communications. Yahoo had intended to sell to Verizon but after the hacks were made known to the public, Verizon wanted to drop its price down by $925 million from the original number. However, there was an announcement just last month that Verizon would only cut $350 million from its price.
This breach in security for Yahoo proves just how unsafe the internet can be. It’s advised that users change their password every ninety days. Security experts say its important not to use birthdays, pet names, or anything that will be easy for a hacker to guess. Yahoo says that since both incidents all potholes in its security system have been filled and, for the time being at least, users are safe.