Yahoo’s double data breach: “He was on the FBI’s ten most wanted fugitives list.”

During August of 2013, Yahoo experienced the first of two data breaches.

Yahoo! was the world’s biggest website until September 2010 when Google took the number one slot (and has remained there to this day). 
 
Founded in January 1994, Yahoo was originally called Jerry and David’s Guide to the World Wide Web. 

Like Google, they offer a range of services past being a search engine – including Yahoo Mail. 

One thing about Yahoo which went unnoticed for a long time is that it had one of the largest data breaches ever recorded with 3 billion users affected.

3 billion user accounts

Although, these breaches were not announced until years after they’d happened, they were only made public when Yahoo was trying to sell itself to Verizon in 2016. 

During August of 2013, Yahoo experienced the first of two data breaches – believed to have affected over 1 billion accounts. This was not divulged until December of 2016. 

Around a year later in 2014, they experienced another breach affecting around 500 million user accounts, this was also not divulged until 2016. 

It took until 2017 for Yahoo to confirm that the figure of 1.5 billion affected user accounts was grossly miscalculated. 
 

It was, in fact, 3 billion user accounts.  

Russia’s Federal Security Service

The hackers took details such as phone numbers, email addresses, hashed passwords, security questions and answers and dates of birth. 

Yahoo believes that the 2014 breach was caused by web cookies which were made to falsify login details. This allowed the hackers access to any account without a password. 

Security experts believed that because there were minimal amounts of data from this breach on the black market, the purpose was likely to have been to get information on specific people. 

The FBI charged four men for the 2014 attack, two of which were found to be working for Russia’s Federal Security Service. 

The FBI said: “The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cybercrime matters, is beyond the pale.” 

FBI’s ten most wanted

Alexsey Belan was among the four men accused, he was on the FBI’s ten most wanted fugitives list. 

Karim Baratov, a Canadian hacker, was extradited to the US but pled not guilty to the charges. He later pled guilty and was charged with nine counts of hacking. 

In 2018 he was given a five-year prison term and has to pay over $2 million to the victims. 

These events led to Yahoo being sold for around $350 million less than the original asking price. Verizon paid $4.48 billion for Yahoo in the end. 

For information on how to protect your business from scams and attacks, contact us and we’ll walk you through our industry-leading cyber security options.