Get All Access for $5/mo

Russian Hackers Indicted for Yahoo Breaches Two Russian hackers initiated a breach that affected more than 500 million Yahoo user accounts, the Department of Justice says.

By Tom Brant

This story originally appeared on PCMag

via PC Mag

When Yahoo disclosed last year that more than 500 million of its user accounts had been hacked, the company blamed state-sponsored hackers. Now there's proof that some of those hackers were working for a Russian spy agency.

A federal grand jury indicted four alleged hackers on Wednesday, including two officers of the Russian Federal Security Service (FSB). The defendants stole information from at least 500 million Yahoo accounts, according to the U.S. Department of Justice, using it to hack into numerous accounts at other email providers and even steal credit card numbers.

The indicted hackers are FSB officers Dmitry Dokuchaev and Igor Sushchin, Russian national Alexsey Belan and Canadian Karim Baratov. They conspired to hack Yahoo as early as 2014, according to the DOJ, and were successful in repeatedly accessing the company's user accounts until September 2016, when Yahoo disclosed the breach and notified potentially affected users.

The indictment includes 47 counts of conspiracy to commit espionage, wire fraud, computer device fraud and identity theft, among other crimes. Belan initiated the hack in November 2014 by stealing Yahoo's cookie "minting" source code, which enabled the defendants to manufacture account cookies to then gain access to individual user accounts, according to the indictment.

Some of the accounts the hackers had access to include those belonging to Russian journalists, U.S. and Russian government officials and employees of financial, transportation and other companies, the DOJ said. The individual targets were not disclosed. U.S. Attorney General Jeff Sessions said in a statement that the attack was "one of the largest data breaches in history."

"The indictment unequivocally shows the attacks on Yahoo were state-sponsored," Yahoo Assistant General Counsel Chris Madsen said in a statement. "We are deeply grateful to the FBI for investigating these crimes and the DOJ for bringing charges against those responsible."

After it disclosed the state-sponsored attack in September, Yahoo announced an even larger breach that affected 1 billion user accounts in December. The company said the two attacks were likely unrelated, though it was unable to identify how the 1 billion accounts in the second attack were compromised. Earlier this month, Yahoo also revealed a breach of 32 million accounts.

All these attacks ultimately jeopardized the Yahoo-Verizon deal; in February, Verizon reduced its purchase price of Yahoo by $350 million.

Tom Brant

News reporter

Tom is PCMag's San Francisco-based news reporter. 

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Business News

Apple Reportedly Isn't Paying OpenAI to Use ChatGPT in iPhones

The next big iPhone update brings ChatGPT directly to Apple devices.

Business News

Sony Pictures Entertainment Purchases Struggling, Cult-Favorite Movie Theater Chain

Alamo Drafthouse originally emerged from bankruptcy in June 2021.

Growing a Business

He Immigrated to the U.S. and Got a Job at McDonald's — Then His Aversion to Being 'Too Comfortable' Led to a Fast-Growing Company That's Hard to Miss

Voyo Popovic launched his moving and storage company in 2018 — and he's been innovating in the industry ever since.

Marketing

Are Your Business's Local Listings Accurate and Up-to-Date? Here Are the Consequences You Could Face If Not.

Why accurate local listings are crucial for business success — and how to avoid the pitfalls of outdated information.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

'Passing By Wide Margins': Elon Musk Celebrates His 'Guaranteed Win' of the Highest Pay Package in U.S. Corporate History

Musk's Tesla pay package is almost 140 times higher than the annual pay of other high-performing CEOs.