Hacked Yahoo data is for sale on the dark web

Three buyers have each paid $300,000 for the information, says cybersecurity firm chief

Yahoo doesn’t know who broke into its systems in 2013. Photograph: Reuters

Yahoo doesn’t know who broke into its systems in 2013. Photograph: Reuters


Some time around August 2013, hackers penetrated the email system of Yahoo, one of the world’s largest and oldest providers of free email services.

The attackers quietly scooped up the records of more than 1 billion users, including names, birth dates, phone numbers and passwords that were encrypted with an easily broken form of security.

Nobody knows what happened to the data during the next three years. But last August, a geographically dispersed hacking collective based in eastern Europe quietly began offering the whole database for sale, according to Andrew Komarov, chief intelligence officer at InfoArmor, an Arizona cybersecurity firm. Three buyers paid about $300,000 (€288,000) each for a complete copy of the database, he said.

The attack, which Yahoo disclosed on Wednesday, is the largest known data breach of a company. And neither Yahoo nor the public had any idea it had occurred until a month ago, when law enforcement authorities came to the company with samples of the hacked data from an undisclosed source.

Yahoo still does not know who broke into its systems in 2013, how they got in or what they did with the data, the company said on Wednesday. It has made more progress tracking down a separate hacking episode in 2014, which compromised 500 million email accounts and was disclosed in September.

Government entity

The company has said it believes the 2014 attack was sponsored by a government entity but has not identified it.

The two huge breaches revealed this autumn threaten to erode consumer confidence in the company and are endangering its deal to sell its internet businesses to Verizon Communications for $4.8 billion.

On Thursday, Yahoo’s stock plunged 6 per cent as investors worried that Verizon would abandon the purchase. It rebounded about 1 per cent on Friday.

Yahoo said Thursday that it could not verify Mr Komarov’s claims, which were made public in a Bloomberg article on Wednesday.

The FBI said in a statement that it was investigating the Yahoo breach. US attorney general Eric T Schneiderman of New York also said his office was in touch with Yahoo to examine the circumstances of the data breach.

– (New York Times Service)