Defendant: Yahoo!
Prosecutor: Class action of those affected by the breach.
Location: Sunnyvale, California, USA
Accusation: Yahoo failed to protect customer data sufficiently, which led to the data being stolen and made public, affecting the privacy of thousands.
The data breach occurred on Yahoo! servers in August 2013; Yahoo! stated it was conducted by an "unauthorized third party". Data had been taken from over 1 billion user accounts, including unencrypted security questions and answers. Yahoo! reported the breach on December 14, 2016, forced all affected users to change their passwords, and required them to re-enter any unencrypted security questions and answers so that they would be stored encrypted in the future. In February 2017, Yahoo! notified some users that data from the breach and forged cookies could have been used to access their accounts. The breach is now considered the largest known of its kind on the Internet. In October 2017, Yahoo! updated its assessment of the hack and stated that it believes all of its 3 billion accounts at the time of the August 2013 breach were affected.
According to Yahoo!, this new breach was discovered while it was reviewing data that law enforcement had given it about a month earlier, obtained from an unnamed third-party hacker. During this investigation Yahoo! had been able to identify the method by which data were taken in the late 2014 hack (forged cookies), but the method of the August 2013 breach was not clear to them at the time of their announcement. Andrew Komarov, chief intelligence officer of the cybersecurity firm InfoArmor, had already been helping Yahoo! and law enforcement in response to the Peace data. While trying to track down the source of Peace's data, he discovered evidence of this latest breach: a dark web seller offering a list of more than one billion Yahoo! accounts for about $300,000 in August 2015. Two of the three buyers of this data turned out to be underground spammers; the third buyer had specifically asked the seller to confirm whether ten named United States and foreign government officials, and the information associated with them, were on the offered list. Suspecting that this buyer might be connected to a foreign intelligence agency, Komarov found that the offered data included the accounts of over 150,000 people working for the United States government and military, as well as additional accounts associated with the European Union, Canadian, British, and Australian governments.
Komarov alerted the appropriate agencies about this new data set and began working with them directly. He noted that while U.S. government policies have since changed to keep key intelligence employees as low-profile as possible, these affected users had likely set up Yahoo! accounts for personal use well before such policies were in place and had included their work details in their profiles, making the information highly valuable to foreign intelligence groups. Komarov had opted not to approach Yahoo! about the data, as the company had previously been dismissive of InfoArmor's services, and he believed Yahoo! would not investigate the situation thoroughly because doing so would threaten its Verizon buyout.
In addition to the government concerns, Komarov and other security firms warned that the data from this breach can be used to attempt access to other accounts, since it included backup email contact addresses and security questions. Such data, these experts warn, could be used to craft phishing attacks that lure users into revealing sensitive information, which can then be used for malicious purposes. Hold Security, another cybersecurity firm, observed that some dark web sellers were still selling this database for up to $200,000 as late as October 2016; Komarov found that the data continues to be available at a much lower price since the passwords have been forcibly changed, but the data remain valuable for phishing attacks and for gaining access to other accounts.
Yahoo! stated that the 2013 breach is connected "to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016." White House spokespersons stated that the FBI was investigating the breach, though the scope of its impact was unclear. A United States official, speaking to CBS News, said that government investigators agreed with Yahoo! that the hack was sponsored by a foreign state, possibly Russia. Security experts speculated that, because little of the data from this 2013 breach has been made available on the black market, the breach was likely targeted at finding information on specific people.
Yahoo!'s delay in discovering and reporting these breaches, and in implementing improved security features, has become a point of criticism. Yahoo! has been taken to task for a seemingly lax attitude towards security: the company reportedly did not implement new security features as quickly as other Internet companies, and after Edward Snowden identified Yahoo! as a frequent target of state-sponsored hackers in 2013, it took the company a full year to hire a dedicated chief information security officer, Alex Stamos. While technology experts praised Stamos' hiring as a sign of Yahoo!'s commitment to better security, Yahoo! CEO Marissa Mayer reportedly denied Stamos and his security team sufficient funds to implement the recommended stronger security measures, and he had left the company by 2015. Experts have pointed out that Yahoo!, until the most recent breaches, had not forced affected users to change their passwords, a move that Mayer and her team believed would drive users away from the service. Some experts noted that implementing stronger security measures does take monetary resources, and that Yahoo!'s financial situation had not allowed the company to invest in cybersecurity.
Yahoo!'s internal review of the situation found that Mayer and other key executives knew of the intrusions but failed to inform the company or take steps to prevent further breaches. The review led to the resignation of the company's principal lawyer, Ronald S. Bell, by March 2017, and Mayer's equity compensation bonuses for 2016 and 2017 were withdrawn.
Source: Wikipedia