US Government charges two Russian spies for 2014 Yahoo data breach
Hacked accounts anyone?

US Government charges two Russian spies for 2014 Yahoo data breach

By Cameron Abbott and Giles Whittaker

US federal authorities have charged 4 men – including 2 Russian spies – in regards to the massive 2014 Yahoo data breach that resulted in the stolen data of over 500 million Yahoo accounts in 2014.

It is speculated that the Russian government used the information obtain to conduct a range of espionage activities, including the targeting of “Yahoo trade secrets that contained, among other data, subscriber information including users; names, recovery email accounts, phone numbers and certain information required to manually create or “mint,” account authentication web browser “cookies” for more than 500 million Yahoo accounts” according to an indictment.

In addition to the above Alexsey Belan – a 29 Latvian born Russian national – was able to steal financial information such as gift cards and credit card numbers from webmail accounts and used the accounts to profit from earning commissions on fraudulently redirecting a subset of Yahoo’s search engine traffic.

As the frequency and severity of cyber attacks increase, Director of the FBI James Comey identified the priority “to pierce the veil of anonymity surrounding cyber crimes,” and that US national security authorities “are shrinking the world to ensure that cyber criminals think twice before targeting U.S. persons and interests.”

Hacked accounts anyone?

By Cameron Abbott and Giles Whittaker

Have you been hacked? If you are the user of a Google, Yahoo or Microsoft e-mail account then it is a possibility. Alex Holden, the founder and Chief Information Officer of Hold Security who discovered the hack has identified 272.3 million account credentials have been stolen. The majority of these accounts are users of Mail.ru which is Russia’s most popular e-mail service.

57 million Mail.ru account credentials had been hacked and Mail.ru “are now checking any combinations of usernames/passwords match users’ e-mails and are still active”, from initial checks there were no live combinations.

Google and Yahoo are yet to provide any response.

This recent hack, which was performed by a young Russian hacker who is more determined to become famous than rich from his recent efforts after only asking for 50 roubles (less than $1) for the entire dataset, is one of the biggest collection of stolen credentials since the attacks on major US banks and retailers two years ago. The information which was stolen, as suggest by Holden in an interview with Reuters is “potent [and] it is floating around in the underground…which can be abused multiple times.”

Some of the stolen credentials include those for employees of large US banking, manufacturing and retail companies. When considering that 22 percent of big data breaches come from stolen online credentials (according to a recent survey of 325 computer professional) and hacks of this nature typically allow for further break-ins or phishing attacks by accessing the contacts of each hacked account, the domino effect of a hack such as this is substantial. Furthermore, individuals that like to re-use their preferred passwords across multiple accounts have exposed themselves to additional hacks.

So what is the take away message? According to Will Harwood, founder and Chief Technology Officer of Silicon SAFE, the solution as he told Infosecurity is to put the “password data in a dedicated hardware supported database that only allows data to be stored and compared, never revealed.”

For more of Will Harwood’s security suggestions and the Infosecurity article click here.

To read more about Alex Holden’s discovery of the Russian hacker click here.

Copyright © 2024, K&L Gates LLP. All Rights Reserved.