Yahoo data breach exposes details of 150,000 government, military workers
On Thursday, Yahoo announced that it had suffered a massive security breach: malicious hackers stole data on approximately one billion user accounts in 2013, and at least 150,000 of those accounts belonged to U.S. government and military employees. The hackers stole not only email addresses and passwords but also users’ names, birth dates, security questions, backup email addresses and phone numbers, all of which were protected only with the outdated MD5 message-digest hash algorithm.
The compromised user credentials were discovered being sold on the dark web, for $300,000 to each of three different parties, by Andrew Komarov, chief intelligence officer for InfoArmor, an Arizona-based cybersecurity firm. (The dark web is an encrypted network accessible only through software such as the privacy program Tor.) The announcement of the newly discovered data breach is the second of its kind from Yahoo since September.
“We found that the Yahoo dump had a very big number of users who worked for the government or military and used Yahoo for personal purposes,” Komarov said in an interview Thursday. He said hackers could easily find the secondary email used for password recovery and that would lead them to the user’s governmental – and perhaps high-security – identity. “And it wasn’t just the US users; we found a big number of government employees in the UK, Australia and Canada, too.”
Komarov stumbled upon the stolen data while investigating the hackers known as Group E, cybercriminals based in Eastern Europe with a track record of hacking Dropbox, Tumblr and Russia-based social network VK.com. He found that its participants were trying to sell a database containing hundreds of millions of stolen Yahoo accounts for $300,000, Bloomberg News reported Thursday.
Komarov intercepted the database in the middle of the sales and found that two of the buyers were huge underground spamming groups. However, before the third transaction was finalized, Komarov said that the buyer reached out to Group E and produced a list of ten names of U.S. and foreign government officials and industry executives, and asked them to confirm that their logins were included in the stolen online loot — or else no deal. This signalled to Komarov that the buyer must be an agency involved in foreign intelligence.
“The third buyer was potentially a foreign intelligence organization because the questions they were asking were very specific,” Komarov said. “This was very concerning to me because with any state-supported actor these government and military employees would be their first target. And since the incident was not disclosed by Yahoo for three years, that means people were using the Yahoo database to possibly monitor these individuals,” he added.
The unusual request piqued Komarov’s interest, and prompted him to contact law enforcement officials in the U.S. and U.K. in late October, who in turn notified Yahoo about the database of stolen account information, Bloomberg reported.
In a press release, Yahoo said, “As we previously disclosed in November, law enforcement provided us with data files that a third party claimed was Yahoo user data. We analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data. Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts. We have not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22, 2016.”
The Yahoo attack is different from other hacks, Komarov said, and poses a danger to more than just government employees. “The Yahoo hack makes cyber espionage extremely efficient. Personal information and contacts, email messages, objects of interest, calendars and travel plans are key elements for intelligence-gathering in the right hands. The difference between the Yahoo hack and any other hack is that it may really destroy your privacy, and potentially have already destroyed it several years ago without your knowledge,” he added.
The roughly 150,000 well-placed victims discovered by Komarov include current and former White House staff, U.S. congressmen and employees of the FBI, NSA and CIA, among others.
White House spokesman Josh Earnest said Thursday that the FBI is investigating the most recent breach.
“There was a previously reported breach that the FBI had previously indicated that they were investigating and they’re investigating this situation as well, so I’ll let them speak to what they have found over the course of that investigation thus far,” he said.
Yahoo users are advised to reset their passwords as soon as possible and to be wary of emails asking for personal information. If the same password or security questions were also used on other services, change them there urgently as well.