A week has passed since Yahoo was subjected to the worst data breach in history. Yet, there have been no profound details made known about who nabbed info on 500 million email accounts remain sketchy.
At least one firm says it wasn’t a “state-sponsored actor” as Yahoo claimed, but like many things related to hacks, cybersecurity and the dark web, even that claim is impossible to verify.
“The group responsible for the Yahoo hack are cybercriminals,” said Andrew Komarov, chief intelligence officer at InfoArmor. The company posted a report on Wednesday detailing the involvement of “Group E,” a hacking syndicate that InfoArmor says it has been monitoring in dark corners of the internet for some time.
The FBI is currently investigating the data breach but hasn’t put forward a theory publicly about who is behind it.
“We take these types of breaches very seriously and will determine how this occurred and who is responsible,” the FBI said in a statement.
Komarov said InfoArmor was able to obtain “a pretty large sample of the database” of stolen email addresses, encrypted passwords and other personal information. With the permission of people whose information was caught up in the hack, the company checked the database and found it corresponded with real Yahoo accounts from 2014.
Details of the breach were confirmed shortly within weeks of the Democratic National Committee’s emails being hacked, exposing the Democrats’ attempt to smear former presidential candidate Bernie Sanders.
Other large-scale company security breaches include Dropbox, which announced earlier this month that 68m users’ accounts were compromised in 2012, representing two thirds of its customer base. Some 167m LinkedIn users’ account details were leaked the same year.
Sony Pictures Entertainment also suffered an attack with around 47,000 social security numbers of current and former employees leaked online, including those of actors and freelancers.
This year, around 37m users of Ashley Madison, a site to facilitate extramarital affairs, were hacked. More than 400m MySpace accounts were compromised in July, the second largest breach in history.