14 DAY TRIAL // Yahoo acknowledged yesterday that hackers breached its systems and stole approximately 1 billion accounts, and now it turns out that the full database is available for purchase online.
The NYT writes that the 1 billion accounts that were stolen from Yahoo were sold on the Dark Web in August for $300,000, and what’s worse is that there were three different buyers who agreed to pay the price to gain control of the database.
Andrew Komarov, chief intelligence office at security firm InfoArmor, said two of the buyers were “prominent spammers,” while the third is believed to be involved in espionage attacks and might be planning to use the 1 billion accounts for similar tactics.
The price of the database, however, is believed to have dropped substantially after the story went public and Yahoo triggered a password reset, so interested buyers might have to pay only $20,000 for the full database.
It’s believed that the hacker group that breached Yahoo is based in Eastern Europe, but the company said it still doesn’t know if this is accurate or not. The firm, however, confirmed that the stolen information included names, passwords, phone numbers, security questions and answers, which obviously creates additional risks in case the same credentials were used on other websites.
And this doesn’t stop here. According to the same report, the accounts included approximately 150,000 US government and military employees, which means that their data is now available on the Dark Web. It goes without saying that officials from other countries are very likely to be among those whose accounts got hacked.
Yahoo could not be trusted
Interestingly, Komarov says his company obtained a copy of the database earlier this year, and got in touch with authorities in the United States and other countries, including those in the EU, Canada, and Australia.
What’s worrying, however, is that Komarov says that Yahoo wasn’t the first party approached after the hack was discovered because “he did not trust Yahoo to thoroughly investigate the breach since it could threaten the sale to Verizon,” and that the firm was dismissing of the security company when it was contacted by an intermediary party.
“The Yahoo hack makes cyber espionage extremely efficient,” Komarov was quoted as saying. “Personal information and contacts, e-mail messages, objects of interest, calendars and travel plans are key elements for intelligence-gathering in the right hands. The difference of Yahoo hack between any other hack is in that it may really destroy your privacy, and potentially have already destroyed it several years ago without your knowledge.”
Users with a Yahoo account are recommended to reset their passwords as soon as possible and, in case the same credentials were used elsewhere, to change them urgently.