Last year it was disclosed the news of the 2014 Yahoo data breach that compromised over 500 million Yahoo user accounts.
At the time of the public disclosure made by Yahoo, the representatives of the company added that security experts suspect the involvement of nation-state actors.
“We have confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.” reads the security notice issued by Yahoo.
“The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.”
The US authorities have charged two Russian intelligence officers and two criminal hackers of have taken part in 2014 Yahoo hack.
The four defendants are:
The members of the group are charged of:
“A grand jury in the Northern District of California has indicted four defendants, including two officers of the Russian Federal Security Service (FSB), for computer hacking, economic espionage and other criminal offenses in connection with a conspiracy, beginning in January 2014, to access Yahoo’s network and the contents of webmail accounts.” the Department of Justice announced yesterday.
According to the prosecutors, the hackers accessed at least 30 million accounts as part of a spam campaign aimed to steal the email contents of thousands of people.
According to the indictment, Belan downloaded the Yahoo database, an archive containing usernames, recovery e-mail accounts, phone numbers as well as “certain information required to manually create, or “mint,” account authentication web browser “cookies” for more than 500 million Yahoo accounts.”
Once obtained the information, the hackers used it to gain unauthorized access to the contents of accounts at other webmail providers, including Google. Russian and American officials, Russian journalists, employees of financial services and other businesses were privileged targets of the gang.
The United States authorities have requested extradition for all the suspects arrested in Russia, but it’s difficult due to the absence of extradition treaty with Russia.Let’s close with a note on the hackers, according to the Assistant Attorney General Mary McCord they were not involved in the DNC hack.
(Security Affairs – 2014 Yahoo data breach, DoJ)