For Sale: One billion Yahoo accounts for only 2 Lakh Dollars
New York, March 18: For Sale: One billion Yahoo accounts are up for sale at only 200,000 Dollar (About RS 13095620) or for the best offer, a media report has said.
According to the New York Times (NYT) report, the passwords of the accounts do not work, but don’t worry; the dates of birth, telephone numbers, and security questions of the accounts could still be useful to an expert cyberthief.
United States Federal prosecutors unsealed citations this week against four Russian men, including two hackers and two intelligence officers, responsible for a 2014 intrusion into Yahoo’s systems that affected 500 million user accounts.
Despite this, data on one billion accounts – stolen in another attack on the company in 2013 – appeared to remain available on underground hacker forums on Friday, the New York Times (NYT) report added.
The authorities were tight-lipped about their investigation of the 2013 attack, which is the largest known breach of a private company’s computer systems. The 2014 hacking of Yahoo’s servers is the second largest.
“We’re not willing to comment right now if there is a connection between the two investigations,” Malcolm Palmore, who oversees the Federal Bureau of Investigation’s (FBI) cyber security division in San Francisco, said on Wednesday in a brief interview after the government unveiled the indictments.
But the two attacks share some common characteristics and may be linked in some fashion.
Both of them involved highly skilled Russian hackers, according to cybersecurity experts who have studied the attacks. In both cases, the hackers had links to the Russian government. And in both cases, at least some of the data was used to send spam to Yahoo users.
Alexsey Belan, the technical expert who was charged with breaking into Yahoo’s systems in 2014 at the behest of two Russian intelligence officers, has a long record of cybercrime.
In 2012, he was indicted on three felony charges for hacking the computer systems of Zappos, the online shoe retailer owned by Amazon and stealing information on as many as 24 million customers.
In 2013, Alexsey Belan struck again, hacking into Evernote and Scribd, two digital document storage services, according to a federal indictment filed against him that June. Law enforcement authorities arrested him in Greece later that year, but he posted bail and fled to Russia.
Cyber security experts who have studied the incidents say the 2013 attack on Yahoo was most likely carried out by a different person. InfoArmor, an Arizona cybersecurity firm, has attributed it to a group of cyber thieves it calls Group E. That group sold the entire database at least three times, including once to an entity that InfoArmor believes was connected to the Russian government.
The indictment against Alexsey Belan filed this week is vague about how he and his three co-conspirators gained access to Yahoo’s systems.