Credit: http://www.pymnts.com/news/security-and-risk/2016/yahoos-massive-breach-could-affect-hundreds-of-millions-of-users/
Finally, things are beginning to unfold as investigations into recent Yahoo email hack near conclusion. The Justice Department has brought charges against two Russian intelligence officers over the role they played in recent attacks on emails of 500 million Yahoo account owners.
According to the Justice Department, the data stolen by the two intelligence officers were used by the Russian government to spy on a range of targets, reports The New York Times. Some of the targets allegedly spied on by the information obtained include, the White House, military officials, American cloud computing companies, an airline, a gambling regulator based in Nevada, and bank executives among others.
“Cyber crime poses a significant threat to our nation’s security and prosperity, and this is one of the largest data breaches in history,” said Attorney General Sessions. “But thanks to the tireless efforts of U.S. prosecutors and investigators, as well as our Canadian partners, today we have identified four individuals, including two Russian FSB officers, responsible for unauthorized access to millions of users’ accounts. The United States will vigorously investigate and prosecute the people behind such attacks to the fullest extent of the law.”
Russians have been accused of other cyberattacks on the United States — most notably the theft of emails last year from the Democratic National Committee. But the Yahoo case is the first time that federal prosecutors have brought cybercrime charges against Russian intelligence officials, according to the Justice Department.
The two Russian intelligence officers charged Dmitry Aleksandrovich Dokuchaev and Igor Anatolyevich Sushchin, worked for an arm of Russia’s Federal Security Service—they were accused of helping the hackers avoid being detected.
In 2016, Yahoo confirmed in two separate statements that hackers had breached users’ accounts, but assured that investigation was ongoing at the time. The two attacks caused some ripples, and almost led to the collapse of the proposed agreements between Verizon and Yahoo. Recall that Verizon was at the time finalizing the process of acquiring Yahoo.
Yahoo said the attackers were able to access the accounts without the use of passwords after stealing the company’s source code used in generating cookies. This led the company to invalidate cookies, which enabled it to lock out the hackers.
Below is a statement as posted on the official website of the Justice Department:
“The defendants used unauthorized access to Yahoo’s systems to steal information from about at least 500 million Yahoo accounts and then used some of that stolen information to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, U.S. and Russian government officials and private-sector employees of financial, transportation and other companies. One of the defendants also exploited his access to Yahoo’s network for his personal financial gain, by searching Yahoo user communications for credit card and gift card account numbers, redirecting a subset of Yahoo search engine web traffic so he could make commissions and enabling the theft of the contacts of at least 30 million Yahoo accounts to facilitate a spam campaign.”
