In the beginning of 2014, Yahoo was only yet to know what grandiose cyber hack campaign was ahead of them. On September 22, 2014, the news broke out about 500 million accounts hacked and leaked email addresses, passwords, phone numbers, personal information, and the content of personal messages. This data breach case, called to be one of the biggest data leak cases in the cybersecurity history, immediately drew the attention of law enforcement institutions. Officers, IT experts, and ordinary netizens engaged into the discussions about the possible identity of the hackers. Some of them were certain the data leak of such massive scale could not have been conducted without the support of a nation-state or governmental institutions. It seems that they were not far from the truth.
Last year was not successful for Yahoo either. Throughout the year, several smaller data breach cases were disclosed, with the last occurred on December 14th involving 1 million hacked accounts. The continuous assaults on this domain encouraged the law enforcement institutions to hurry up with the investigation. As a result, on March 15th, 2017 the Department of Justice of the Unites States of America has finally presented the results and immediately issued accusations. In the 39-page indictment, they have found out that 2014 Yahoo data breach was only a part of a bigger cyber campaign.
The information obtained from the data breach was meant to develop cyber attacks on Google‘s Gmail, iTunes, and other well-known domains. The report reveals that two FSB Russian spies collaborated with local cyber criminals and payed 100 USD for each successful hijack. The main accusations fall on two Russian intelligence agency FSB officers, Dmitry Dokuchaev and Igor Sushchin. The other responsible cyber criminals are Alexsey Belan and Canadian hacker Karim Baratov. 2014 Yahoo data leak affected a wide range of ordinary users, diplomats, journalists, politicians of both, the White House and Russian government officials.
While the American and Russian governments continue fighting in a cyber war, you, an ordinary user, should take extra precautions not to become a victim of such massive cyber campaign. The recommendation to use complex passwords, comprised of letters, numbers, and characters, might sound like an annoying reminder; it is still relevant as surveys reveal users‘ habit of using “pasword123” or a similar guessable combination. Update your security applications, and glance to the URL bar once in a while to spot whether you are not redirected to a shady website.