Yahoo hacked by ‘professional’ criminals: Researchers

By: |
Washington | Published: September 30, 2016 4:43:35 AM

The massive theft of Yahoo user data disclosed last week came from "professional" hackers seeking to profit from the breach, according to an analysis by security researchers.

"Yahoo was compromised in 2014 by a group of professional blackhats (hackers) who were hired to compromise customer databases from a variety of different targeted organizations," the report said. (Reuters)“Yahoo was compromised in 2014 by a group of professional blackhats (hackers) who were hired to compromise customer databases from a variety of different targeted organizations,” the report said. (Reuters)

The massive theft of Yahoo user data disclosed last week came from “professional” hackers seeking to profit from the breach, according to an analysis by security researchers.

The analysis published yesterday by the security firm InfoArmor, which claims to have seen some of the data, contrasts with Yahoo’s claim that the attack was likely “state-sponsored,” but did suggest that stolen data was sold to a state-sponsored group at one point.

“Yahoo was compromised in 2014 by a group of professional blackhats (hackers) who were hired to compromise customer databases from a variety of different targeted organizations,” the report said.

The researchers said the first mention of Yahoo data for sale on “dark” online markets occurred in April 2016. They added that the vast majority of the data “is not legitimate,” and includes invalid, deleted and non-existent accounts but that the attackers “misrepresented this data set in order to sensationalize and sell it for the purpose of monetizing” the data.

The hackers sold the data to “a state-sponsored party who had interest in exclusive database acquisition” and also to “cybercriminals who planned to use the data for spam campaigns against global targets.”

The hack occurred in late 2014 affecting some 500 million users worldwide, according to Yahoo’s disclosure last week.

It was not immediately clear if the disclosure would affect the sale of Yahoo’s core business to telecom group Verizon for $4.8 billion.

The news has drawn criticism from US lawmakers who question why it took Yahoo two years to publicly disclose the breach.

“We are even more disturbed that user information was first compromised in 2014, yet the company only announced the breach last week,” said a letter to Yahoo signed by six US senators.

“Consumers put their trust in companies when they share personal and sensitive information with them, and they expect all possible steps be taken to protect that information.”

Get live Stock Prices from BSE and NSE and latest NAV, portfolio of Mutual Funds, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Next Stories
1Domestic cement demand to touch 6% in FY17: ICRA
2Ford appoints Rajendra “Raj” Rao as CEO of subsidiary
3Interest rates on small savings schemes cut by 0.1 percent