As if 2016 wasn’t shitty enough for Yahoo – which admitted to two separate breaches that saw 500 million users’ and then 1 billion users’ details stolen by hackers – the New York Times reports that a billion-user database was sold on the Dark Web last August for $300,000.
That’s according to Andrew Komarov, chief intelligence office at security firm InfoArmor. He told NYT that three buyers, including two prominent spammers and another who might be involved in espionage tactics purchased the entire database at the aforementioned price from a hacker group believed to based in Eastern Europe.
Hate spammy ICOs and crappy cryptocurrencies?
So do we.
It’s lovely to know that it only costs $300,000 to be able to threaten a billion people’s online existence – which means each account is only worth $0.0003 to hackers who can ruin your life online in a matter of minutes.
Yahoo also doesn’t yet know who made off with all the data from the attack in 2013, which is said to be the largest breach of any company ever.
In addition to full names, passwords, birth dates and phone numbers, the database also contains security questions and backup email addresses that could help with resetting forgotten passwords.
That’s worrying, because these details may be common to several other online services and accounts, and could make many users vulnerable to phishing attacks which can feature accurate personal information in scammy emails to coax them into handing over things like their bank account, credit card and social security numbers.
Komarov told Bloomberg that more than 150,000 US government and military employees’ details were also found in the database, which means that hackers could target those users’ accounts to threaten national security.
Yahoo has said that it hasn’t been able to verify Komarov’s claims yet; meanwhile, the FBI said in a statement that it’s investigating the breach.
Komarov noted that the database is still up for sale, though bids for it have nove plummeted as low as $20,000 as Yahoo has forced a password reset.
It’ll be interesting to see what this revelation spells for the future of Yahoo, which is set to be sold to Verizon for $4.8 billion. Following the news of the 500 million-user breach earlier this year, the telcom giant said it wanted a billion-dollar discount on the deal. At this point, though, it seems like it might be better off walking away empty-handed.