Last week, Yahoo revealed it had been hacked and information on one billion user accounts had been stolen. It appears that the hackers had put the database up for sale and it has fetched a handsome sum of money.
The data breach is separate to the one that Yahoo revealed back in September. The stolen data may have included “names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers”.
Yahoo has said the hacking happened in 2013. We now know what criminal operation is behind the attack. According to InfoArmor chief intelligence officer Andrew Komarov, it was by Group E, which is made up of four cybercriminals from Eastern Europe and Russia. The group sells compromised data, mainly to spammers that monetise that data.
Komarov believes the database has been sold to three different buyers for around $300,000 each.
According to Threatpost:
The concern now is that the data has been in the hands of spammers and other hackers for more than three years. Spammers could generate massive amounts of spam from the stolen Yahoo data, with Group E and spammers monetizing the stolen database many times over. The issue of password reuse is a real risk given the relative ease with which MD5-encrypted passwords can be decrypted, as the hackers can try to takeover accounts at other online services using the stolen Yahoo credentials.
You can find out more about what Komarov has to say about the Yahoo breach over at Threatpost.