You know that Yahoo breach that just happened recently? The one where 500 million credentials were stolen? Well, a highly respected security researcher claims the hack was done by the same group that breached MySpace, LinkedIn, Badoo, VK.com, and a few others.
The researcher in question is Andrew Komarov, and he told The Register that not only did the same group do all these things, but the number of breached Yahoo accounts is probably a billion. Double what was reported. He said the group, which is being called 'Group E', is a "small Eastern European hacking outfit”, that makes money by hacking big companies and selling their data to whoever is willing to pay.
In the case of Yahoo, the data was sold to a ‘unnamed nation-state actor group’, through a broker. According to Komarov, the broker goes by the name Tessa88 and is a Russian-speaking criminal. On September 22 2016, the news of Yahoo being breached detonated across the web. It was reported that the breach actually occurred back in 2014, and that ‘at least’ 500 million user account credentials were stolen.
Names, email addresses, telephone numbers, birthdays, even hashed passwords and some "encrypted or unencrypted security questions and answers,” were among the data taken. Banking and credit card data were safe, apparently. Interestingly enough, a hacker which goes by the name Peace (Peace_of_mind), tried to sell the data online.
That’s the same person which tried to sell a bunch of other data, including MySpace and LinkedIn.
Image Credit: Balefire / Shutterstock