Yahoo was already being rebuked (and laughed at) for its negligence over the massive data breach which resulted in the leak of over 500 million user accounts in 2014. But it is now under fire from cybersecurity experts who believe that the servers were actually breached by notable cybercriminals rather than state-sponsored actors.
After months of investigation, Yahoo last week confirmed the rumors and stated that its servers came under attack from state-sponsored parties, who were able to gain access to a database of roughly 500 million accounts, including names, email addresses, telephone numbers, dates of birth and hashed passwords.
But cybersecurity firm InfoArmor, which has access to a portion of the leaked database, seems to believe otherwise.
“We don’t see any reason to say that it’s state sponsored. Their clients are state sponsored, but not the actual hackers,” says Andrew Komarov, chief intelligence officer of InfoArmor Inc.
According to the firm's investigative report, Yahoo's servers were breached by a group of hackers it calls ‘Group E’. InfoArmor has gone through the stolen data thoroughly (confirmed by WSJ) and believes that the actual number of Yahoo accounts affected could be over a billion. That is far more than, and almost double, the figure officially reported by the company. This data dump is, however, expected to include a large number of dormant and bot accounts which are useless to cybercriminals.
The hack was conducted in segments, as the database dump is divided into over a hundred equal parts. It has also been delivered via different files that are organized alphabetically by the name of user accounts. The hacker group has already sold the entire database of leaked accounts at least three times, with at least one of the buyers being a state-sponsored party who had an interest in exclusive acquisition.
“The actual Yahoo data dump is still not available on any underground forums or marketplaces, and has been distributed from so called Group ‘E’ to one of their proxies for further monetization based on the sale of particular records from the dump, which can be delivered based on the specific criteria of the buyer (login, recovery e-mail, geography, etc.),” reads the official blog post.
InfoArmor, or specifically Komarov, has been tracking the activities of the hacker ‘Group E’ for the past years, and believes its members to be Eastern European. The firm has also linked this group to previous (in)famous hacks of websites including LinkedIn Corp., Dropbox Inc. and Myspace. You can head over here to read the complete report of the Yahoo breach investigation published by the cybersecurity firm.
For those unaware, the internet has previously been abuzz with rumors of hundreds of millions of Yahoo accounts on the platform being compromised in 2014, with their login data being sold on the dark web for a meager $1,800. And InfoArmor has confirmed the same.
After reading all the bad press surrounding Yahoo, there is only one question that comes to mind: will the confirmation and further investigation of this breach affect the acquisition of the company's core assets by Verizon Communications Inc. for $4.8 billion? Yahoo, in its regulatory filing at that time, had stated that it wasn’t aware of any “security breaches” or “loss, theft, unauthorized access or acquisition” of user data. And just weeks later it had started investigating reports of a breach and of the data being sold on the dark web.