Skip to main content

How much is the hacked Yahoo database worth? Try $300,000

Yahoo Hacked: User Info Stolen From Over 1B Accounts
It’s been yet another bad week for Yahoo, the perpetually beleaguered internet giant based in Sunnyvale, California. This past September, we learned of an enormous 2014 hack into its user database that compromised 500 million accounts. That would be the tip of the iceberg, as this week another larger hack came to light — a staggering billion accounts were hacked in 2013.

When you’re dealing with numbers of this size, a lot of money goes along with it. The New York Times says that last August, a shadowy “hacking collective in Eastern Europe” began offering the hacked data for sale — this from Andrew Komarov, who is chief intelligence officer at InfoArmor, a cybersecurity outfit out of Arizona that deals in “advanced threat intelligence” and monitors the seamy areas of the internet that are populated by crooks, scammers, spammers, and spies. The Times says that “two known spammers and an entity that appeared more interested in espionage paid about $300,000 each for a complete copy of the database.”

Related Videos

Komarov also noted that his company got a copy of the database and informed various military and law enforcement authorities in various countries of the incident, including the United States, Australia, Canada, Britain, and the EU “After those parties verified the authenticity of the stolen records, he said, some of them went to Yahoo with their concerns.”

He also said in the interview that he didn’t approach Yahoo directly “because the internet giant was dismissive of the security firm when approached by an intermediary. He also said he “did not trust Yahoo to thoroughly investigate the breach since it could threaten the sale to Verizon.”

Komarov’s claims first surfaced in this Bloomberg article, which states that Komarov watched the hacker group he calls “Group E” sell the database three times, and “was able to intercept the database during the sales. ” Two buyers were large spammers on the Spamhaus Register of Known Spam Operations (ROKSO) list. And here’s where it gets even trickier. Bloomberg adds the the other buyer “gave the sellers a list of ten names of U.S. and foreign government officials and business executives, to verify their logins were part of the database. That led Komarov to speculate the buyer was a foreign intelligence agency.”

Ah, and let’s not forget that sale to Verizon. Besides the ongoing questions of how this could happen — twice that we know of — and why did it take so long for the information to come to light, the bigger issue of Verizon looms. Do they want to move forward with their purchase of the net behemoth with a discounted price, or wash their collective hands of the entire proposed $4.83 billion acquisition?

In the Times, Verizon spokesman Bob Varettoni offered nothing new on his company’s stance, and offered a conservative boilerplate comment. “’As we’ve said all along, we will evaluate the situation as Yahoo continues its investigation,’” he said. “’We will review the impact of this new development before reaching any final conclusions.’”

Editors' Recommendations

Was your Facebook account hacked in the latest breach? Here’s how to find out
what facebook users should know about cambridge analytica and privacy mobile v1

After revealing that a security vulnerability discovered in late September allowed hackers to gain access to an estimated 50 million accounts, Facebook's current report suggests that the number of impacted users is closer to 30 million.

"We now know that fewer people were impacted than we originally thought," Facebook said in a blog post. "Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen."

Read more
British Airways data hack hits 380,000 recent customers
british airways cabin crew given ipads

One of the world's biggest airlines has been targeted by hackers.

British Airways said the data breach involves around 380,000 customers who used its website or mobile app between August 21 and September 5 to book a flight or vacation.

Read more
Yahoo’s 2013 data breach is worse than believed — 3 billion users were affected

In December 2016, Yahoo disclosed that its servers were hacked way back in 2013, compromising the sensitive personal data of around 1 billion users. On Tuesday, Yahoo's new parent company, Verizon, confirmed that the initial estimate was a bit low -- in fact, all Yahoo accounts were compromised in the 2013 hack. That's 3 billion users, making it the largest data breach in history.

"Subsequent to Yahoo's acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft," reads a statement from Verizon subsidiary Oath.

Read more