If the September disclosure of Yahoo’s massive 2014 data hack wasn’t enough, recent revelations certainly tip the scales. The 2014 data hack had threatened 500 million accounts. Now it has been revealed that a 2013 data hack has apparently affected more than 1 billion users, including government employees. InfoArmor, an Arizona cyber security firm, claims that the data from this attack by an Eastern-European group of attackers, called Group E, was sold a number of times last August for $300,000 on the “dark web,” and is still offered for sale.
Sensitive User Data Compromised in the Hack and Put on Sale
The major data breach in 2013 was extensive and put sensitive user data in the hands of the attackers. The database included users’ names, email addresses, phone numbers, dates of birth and scrambled passwords. The intruders also obtained the security questions and backup email addresses used to reset lost passwords.
Nothing is known about what happened to this data over the next three years. The hackers used “forged ‘cookies’” – bits of code that stay in the user’s browser cache so that a website doesn’t require a login with every visit, wrote Yahoo’s chief information security officer, Bob Lord. The cookies “could allow an intruder to access users’ accounts without a password” by misidentifying anyone using them as the owner of an email account. The breach may be related to the theft of Yahoo’s proprietary code, Lord said. Andrew Komarov, chief intelligence officer at InfoArmor, said the Eastern-European group of attackers, called Group E, was motivated by money.
The entire database was put up for sale on the dark web in August for $300,000. The database was sold three times: to two spammers and to a party that might be involved in espionage. The first two buyers were large spamming groups that are on the Spamhaus Register of Known Spam Operations, or ROKSO, list. The other buyer gave the sellers a list of ten names of U.S. and foreign government officials and business executives, asking them to verify that those logins were part of the database. That led Komarov to speculate the buyer was a foreign intelligence agency.
Since Yahoo’s disclosure, bids for the data trove have plummeted to as low as $20,000 after Yahoo forced a password reset for affected users.