Yahoo’s hack was an act carried out by professional hackers and it wasn’t a result of action of state-sponsored actors, a new analysis of the Yahoo hack has claimed.
While sate-sponsored actors may have played a role subsequently – that of a buyer of the hacked credentials – the actual attack was carried out by professional hackers who have links with previous high-profile hacks. Security researchers at InfoArmor have revealed based on the analysis of some of the hacked data that the attack wasn’t a state-sponsored one and was an act of hackers who intended to leverage the stolen data for their own malicious deeds as well as profit from the data by selling it in underground forums.
InfoArmor security experts reveal in their report that the first time Yahoo’s data was available for sale online was in April 2016 and for nearly two years the data didn’t surface online. To this date, the entire data dump isn’t available; however, whatever is available, most part of it “is not legitimate,” and contains invalid, deleted and nonexistent accounts.
The analysis states that to sensationalise the whole incident for private gains, the attackers “misrepresented this data set”. The hackers sold the data to “a state-sponsored party who had interest in exclusive database acquisition” and also to “cybercriminals who planned to use the data for spam campaigns against global targets.”
The hack occurred in late 2014 affecting some 500 million users worldwide, according to Yahoo’s disclosure last week. The news has drawn criticism from US lawmakers who question why it took Yahoo two years to publicly disclose the breach.
“We are even more disturbed that user information was first compromised in 2014, yet the company only announced the breach last week,” said a letter to Yahoo signed by six US senators. “Consumers put their trust in companies when they share personal and sensitive information with them, and they expect all possible steps be taken to protect that information.”