Yahoo hacked by criminals, not state sponsor - expert

Yahoo president and CEO Marissa Mayer during a keynote address at the International Consumer Electronics Show. (AP, Julie Jacobson)
Yahoo president and CEO Marissa Mayer during a keynote address at the International Consumer Electronics Show. (AP, Julie Jacobson)

San Francisco - Yahoo! accounts were hacked in 2014 by cybercriminals rather than a state-sponsored party as the web portal claimed, according to an official with InfoArmor, a security company.

Hackers-for-hire using pseudonyms who are well known in the underground community broke into Yahoo’s data, said Andrew Komarov, chief intelligence officer with InfoArmor.

Yahoo said last week the attacker was a “state-sponsored actor,” and the stolen information from at least 500 million users may have included names, e-mail addresses, phone numbers, and, in some cases, un-encrypted security questions and answers.

“Yahoo was compromised in 2014 by a group of professional blackhats who were hired to compromise customer databases from a variety of different targeted organisations,” Scottsdale, Arizona-based InfoArmor said Wednesday in a report.

“The Yahoo data leak as well as the other notable exposures, opens the door to significant opportunities for cyber-espionage and targeted attacks to occur.”

While Yahoo had pointed to a state actor when it disclosed the hack last week, the link to a nation state wasn’t iron-clad, two people familiar with the company investigation told Bloomberg News at that time.

Yahoo hasn’t yet released the evidence on which it based the link to a nation state. The company last week said the investigation is continuing.

Yahoo Chief Executive Officer Marissa Mayer is grappling with news of the hack as she prepares for a planned $4.8bn acquisition by Verizon Communications that’s set to close by early next year.

The report that the hack wasn’t state-sponsored doesn’t change Verizon’s initial position that it’s still evaluating the potential effect on the deal, according to a person familiar with the situation.

Yahoo declined to comment on the InfoArmor report.

Komarov said the group responsible for the breach at Yahoo had carried out hacks before 2014. One of the clients for the hacker group’s data before the Yahoo breach was a state-sponsored party, he said.

Read Fin24's top stories trending on Twitter:

ZAR/USD
16.77
(-0.03)
ZAR/GBP
21.15
(-0.12)
ZAR/EUR
18.95
(-0.03)
ZAR/AUD
11.66
(-0.03)
ZAR/JPY
0.16
(-0.09)
Gold
1798.22
(+0.06)
Silver
18.69
(+0.13)
Platinum
824.50
(+0.30)
Brent Crude
43.14
(+2.10)
Palladium
1961.36
(+0.61)
All Share
55417.89
(-0.66)
Top 40
51154.08
(-0.74)
Financial 15
10472.31
(+1.28)
Industrial 25
76134.69
(-1.67)
Resource 10
52483.78
(-0.20)
All JSE data delayed by at least 15 minutes morningstar logo
Company Snapshot
Voting Booth
Please select an option Oops! Something went wrong, please try again later.
Results
I'm not really directly affected
18% - 1952 votes
I am taking a hit, but should be able to recover in the next year
23% - 2547 votes
My finances have been devastated
34% - 3802 votes
It's still too early to know what the full effect will be
25% - 2731 votes
Vote