Cyber security firm InfoArmor says criminal hackers for hire are to blame for the Yahoo hack in 2014
Hackers for an Eastern European criminal gang were responsible for the Yahoo data breach that saw the personal information of at least 500 million Yahoo users swiped.
According to cyber security firm InfoArmor, the attack did not come from state-sponsored hackers as was initially suspected by Yahoo, but rather an organised gang of blackhat hackers hired to compromise the databases of several organisations. InfoArmor’s findings have yet to be confirmed by Yahoo or other cyber security firms or investigators.
“Yahoo was compromised in 2014 by a group of professional blackhats who were hired to compromise customer databases from a variety of different targeted organizations,” InfoArmor said in a report. “The Yahoo data leak as well as the other notable exposures, opens the door to significant opportunities for cyber-espionage and targeted attacks to occur.”
The hackers motivation seems to have stemmed from a money-making operation where they sell on the stolen information for significant sums. through the black market using other hackers as fences for the pilfered data. Though InfoArmor noted that some hackers were selling fkain information rather than actual Yahoo account details.
Data breach and leak
While the massive data leak occurred recently the hack attack on Yahoo happened in 2014, which has prompted US senators to probe Yahoo CEO Marissa Mayer on the way the company handled the data loss.
“A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor,” said Bob Lors Yahoo’s CISO.
“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.
“The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.”
While this goes on, Yahoo said it will be notifying potentially affected user and prompting them to change their passwords, as well as invalidate unencrypted security questions.
The company noted it is also working on enhancing its security systems to better detect and prevent unauthorised access to user’s accounts.
“Through strategic proactive detection initiatives and active response to unauthorised access of accounts, Yahoo will continue to strive to stay ahead of these ever-evolving online threats and to keep our users and our platforms secure,” Lors promised.
For Yahoo, the timing of the leaked data could not be worse as it is currently in the process of being bought by Verizon for £3.7 billion.
Mark James, a security specialist at cyber security firm ESET, noted that the hack is significant and not one to be brushed under the carpet.
“500 million accounts is huge by any standards, we sometimes get a little blasé as the numbers get higher but let’s not make any mistakes here, that’s a lot of customers’ information stolen here,” he said.
“Data breaches are on the up, it’s almost a daily occurrence but the damage it causes is massive. The data may be used for immediate financial gain or used later along with more information to enable identity theft or phishing attacks either way it could be very damaging for the victim.”
Unfortunately, such hacks and data breaches are not uncommon, especially for Yahoo, who along with Microsoft and Google found millions of stolen email account credentials online earlier this year.