Included among the more than 1 billion Yahoo accounts compromised by a 2013 security breach disclosed Wednesday were those of at least 150,000 U.S. government and military employees, according to a researcher who first discovered the stolen data being sold online.
Before Yahoo went public this week with details of the recently discovered data breach — the second of its kind to be announced by the company since September — the trove of compromised user credentials was spotted being sold online by Andrew Komarov, the chief intelligence officer for InfoArmor, an Arizona-based cybersecurity firm.
Mr. Komarov stumbled upon the data while investigating an Eastern European hacking ring known as “Group E” and saw that its participants were trying to sell a database containing hundreds of millions of stolen Yahoo accounts for $300,000, Bloomberg News reported Thursday.
During the course of investigating the group, Mr. Komarov said that he was able to intercept the stolen data as the hackers successfully sold the information three separate times. Before that third transaction was finalized, however, Mr. Komarov said that the buyer reached out to Group E and asked to confirm that the database contained the names of 10 specific government officials and business executives from the U.S. and abroad.
“The third buyer was potentially a foreign intelligence organization because the questions they were asking were very specific,” he told the Bay Area News Group this week. “This was very concerning to me because with any state-supported actor these government and military employees would be their first target.”
The unusual request piqued the researcher’s interest, and prompted him to contact law enforcement officials in the U.S. and U.K. in late October, who in turn alerted Yahoo about the database of stolen account information, Bloomberg reported.
Yahoo acknowledged in a regulatory filing soon after that it was investigating claims concerning a compromise unrelated to a separate breach disclosed in September, and confirmed on Wednesday this week that more than 1 billion users had been affected by the breach first spotted by the security researcher.
According to Mr. Komarov, the billion-plus compromised users include tens of thousands of government and military employees who had opened personal accounts with Yahoo, but nonetheless risk having their federal work accounts compromised as well.
Users affected in the breach disclosed Wednesday had their names, passwords, telephone numbers, security questions, birthdates and backup email addresses compromised by hackers, giving whoever currently holds that data information that could potentially be used to easily hijack the victims’ other accounts.
“The Yahoo hack makes cyber espionage extremely efficient,” Mr. Komarov told Bloomberg this week. “Personal information and contacts, email messages, objects of interest, calendars and travel plans are key elements for intelligence-gathering in the right hands. The difference of the Yahoo hack between any other hack is in that it may really destroy your privacy, and potentially have already destroyed it several years ago without your knowledge.”
The roughly 150,000 well-placed victims discovered by Mr. Komarov include current and former White House staff, U.S. congressmen and employees of the FBI, NSA and CIA, among others, Bloomberg reported.
White House spokesman Josh Earnest said Thursday the FBI is investigating the most recent breach.
“There was a previously reported breach that the FBI had previously indicated that they were investigating and they’re investigating this situation as well, so I’ll let them speak to what they have found over the course of that investigation thus far,” he said.
Yahoo declined to comment when reached by Bloomberg this week with regard to the security researcher’s claims. In an earlier statement Wednesday, Yahoo said it has taken steps to secure affected user accounts and was working closely with law enforcement.
Copyright © 2018 The Washington Times, LLC.