Yahoo hacked by criminals, not state sponsor - expert

Yahoo president and CEO Marissa Mayer during a keynote address at the International Consumer Electronics Show. (AP, Julie Jacobson)
Yahoo president and CEO Marissa Mayer during a keynote address at the International Consumer Electronics Show. (AP, Julie Jacobson)

San Francisco - Yahoo! accounts were hacked in 2014 by cybercriminals rather than a state-sponsored party as the web portal claimed, according to an official with InfoArmor, a security company.

Hackers-for-hire using pseudonyms who are well known in the underground community broke into Yahoo’s data, said Andrew Komarov, chief intelligence officer with InfoArmor.

Yahoo said last week the attacker was a “state-sponsored actor,” and the stolen information from at least 500 million users may have included names, e-mail addresses, phone numbers, and, in some cases, un-encrypted security questions and answers.

“Yahoo was compromised in 2014 by a group of professional blackhats who were hired to compromise customer databases from a variety of different targeted organisations,” Scottsdale, Arizona-based InfoArmor said Wednesday in a report.

“The Yahoo data leak as well as the other notable exposures, opens the door to significant opportunities for cyber-espionage and targeted attacks to occur.”

While Yahoo had pointed to a state actor when it disclosed the hack last week, the link to a nation state wasn’t iron-clad, two people familiar with the company investigation told Bloomberg News at that time.

Yahoo hasn’t yet released the evidence on which it based the link to a nation state. The company last week said the investigation is continuing.

Yahoo Chief Executive Officer Marissa Mayer is grappling with news of the hack as she prepares for a planned $4.8bn acquisition by Verizon Communications that’s set to close by early next year.

The report that the hack wasn’t state-sponsored doesn’t change Verizon’s initial position that it’s still evaluating the potential effect on the deal, according to a person familiar with the situation.

Yahoo declined to comment on the InfoArmor report.

Komarov said the group responsible for the breach at Yahoo had carried out hacks before 2014. One of the clients for the hacker group’s data before the Yahoo breach was a state-sponsored party, he said.

Read Fin24's top stories trending on Twitter:

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For only R75 per month, you have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today.
Subscribe to News24
ZAR/USD
16.36
(-0.18)
ZAR/GBP
21.17
(+0.41)
ZAR/EUR
19.11
(+0.59)
ZAR/AUD
11.52
(+0.20)
ZAR/JPY
0.16
(+0.27)
Gold
1869.91
(-0.49)
Silver
23.35
(-0.25)
Platinum
852.00
(-2.01)
Brent Crude
39.48
(-4.73)
Palladium
2194.00
(-2.16)
All Share
51896.97
(-0.79)
Top 40
47576.46
(-0.74)
Financial 15
9756.70
(-2.69)
Industrial 25
72681.12
(-0.25)
Resource 10
47826.96
(-0.63)
All JSE data delayed by at least 15 minutes morningstar logo
Company Snapshot
Voting Booth
Please select an option Oops! Something went wrong, please try again later.
Results
Yes, and I've gotten it.
23% - 132 votes
No, I did not.
51% - 290 votes
My landlord refused
26% - 151 votes
Vote