A billion Yahoo accounts, on sale for $200,000. The passwords are useless, but the dates of birth, telephone numbers and security questions is useful to an paranoid hacker.
After federal prosecutors said four men were responsible for a 2014 hack into Yahoo that breached 500 million user accounts, data and one billion accounts stolen in another attack on the company a year earlier.
The authorities did not speak a word about their investigation of the 2013 Yahoo attack, which is the largest known breach on a private company’s. The 2014 hacking of Yahoo’s servers is the second largest.
Malcolm Palmore, incharge of the Federal Bureau of Investigation’s cybersecurity division in San Francisco, said on Wednesday in a brief interview. “We’re not willing to comment right now if there is a connection between the two investigations.”
However, at the orders of two Russian intelligence officers, Alexsey Belan, a technical expert out of those men, charged with breaking into Yahoo’s systems in 2014.
Federal prosecutors announced the indictment against Mr. Belan filed this week is uncertain about how he and his three co-conspirators gained access to Yahoo’s systems.
The Russian government has denied all allegations on any involvement in any hacking of Yahoo’s servers.
Read More: Some Amazing Facts About Yahoo
1 billion Yahoo accounts on sale, despite hacking indictments
Yahoo declined to comment on Friday. But stated in a statement relating to attack on 2013, that the company had not able to detect the intrusion. But that it was “likely distinct” from the attack in 2014.
F.B.I. officials said during a briefing with reporters in San Francisco on Wednesday, that the breach into Yahoo’s server appeared to have begun with a spear-phishing attack. In this Yahoo employee was skilfully tricked into disclosing information about yahoo helping the attackers to launch their attack.
According to securities filings made by the company, its security officials did noticed a breach in 2014. But they initially believed that it was a small breach. Senior executives were aware of the attack but fooled, the company said.
In September, Yahoo publicly disclosed the 2014 breach. It disclosed the 2013 attack in December and forced its users to change their passwords immediately.
The breached Yahoo database of one billion accounts was on sale or offer for $200,000.
However, Mr. Holden, the Hold Security founder, called it “an exorbitant amount of money.” where a single address is priced at $10,000.
Mr. Holden, posing as a buyer’s representative, asked the sellers to prove their access by giving him data about two new accounts, they failed to do so.
Yahoo had patched up their security holes and said that the exploit by the hackers will be no more.
Yahoo and Verizon Communications were in a $4.8 billion deal last summer to sell its internet businesses to Verizon Communications. But the the two attacks had threatened Verizon to cut $925 million from the original selling price. Later two companies agreed to a $350 million reduction last month.