stayontheblack.com


Yahoo called out on "state sponsored hack"

The Yahoo logo is displayed in front of the Yahoo headquarters.

InfoArmor's claims dispute Yahoo's contention that a "state-sponsored actor" was behind the data breach, in which information from 500 million user accounts was stolen.

InfoArmor believes the theft of a half-billion Yahoo user credentials was carried out by cybercriminals in Eastern Europe.

Yahoo said last week that it only recently discovered the intrusion, which it blamed on a state-sponsored actor without providing technical evidence. InfoArmor now suggests otherwise, stating that Yahoo was actually compromised by a group of professional blackhats known as "Group E", which the company has been tracking for a number of years. Six days ago, Ars Technica's Dan Goodin contacted I-Dressup to tell them that they were leaking more than 5.5 million cleartext passwords, and that a hacker had already downloaded 2.2 million of them.

InfoArmor recommends that the security community use appropriate due diligence in evaluating any threat actor claims regarding legitimate data sources.

The researchers said the first mention of Yahoo data for sale on "dark" online markets occurred in April 2016.

In an interview with Wired, but also in a conversation on Jabber with your reporter, Peace_of_Mind said he was representing a larger group of Russian hackers.

There are more than 100 different parts to the data Group E had, and the files are organized alphabetically by the names of user accounts, InfoArmor noted.

Data such as usernames, passwords, email addresses, telephone numbers, dates of birth, and security questions and answers were stolen from Yahoo platforms including Yahoo Mail, Flickr, Yahoo Finance, and Yahoo Fantasy Sports. With the permission of people whose information was caught up in the hack, the company checked the database and found it corresponded with real Yahoo accounts from 2014.

Yahoo didn't immediately respond to requests for comment.

Yet it took a full year after Snowden's initial disclosures for Yahoo to hire a new chief information security officer, Alex Stamos. However, Yahoo didn't recognize some of the other IDs. Employees say the move was rejected by Mayer's team for fear that even something as simple as a password change would drive Yahoo's email users to other services.

"The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected."

Another senator, Mark Warner, D-Va., has asked the Securities and Exchange Commission to investigate Yahoo's disclosures to investors regarding the incident.