Eastern European organized crime, not state-sponsored hackers, was behind the record-breaking 2014 Yahoo data breach that exposed information about hundreds of millions of Yahoo user accounts, InfoArmor said Wednesday.
The security firm found the stolen database while investigating "Group E," a team of five professional hackers.
InfoArmor's claims dispute Yahoo's claim that a "state-sponsored actor" was behind the 500 million-record data breach. From day one, several security experts (including yours truly) were skeptical of Yahoo's claim and were disappointed that the company isn't offering more details.
The data that InfoArmor discovered contains only a few million accounts and is apparently a subset, but it includes the users' login IDs, hashed passwords, mobile phone numbers and zip codes. InfoArmor said that although most of Group E's clients are skilled cybercriminals, the group had at least one customer who was a state-sponsored actor. The stolen Yahoo database might have been used to target U.S. government officials.
InfoArmor stated that it got the data from "operative sources" about a week ago and verified that the account information is real. It looks like Group E has sold the stolen Yahoo database in three private deals, one of them for at least $300,000.
InfoArmor also claimed that Group E was behind high-profile breaches at LinkedIn, Dropbox and Tumblr. To sell that data, the team used other hackers, such as peace_of_mind, to offer the stolen goods on the darknet.
So, Yahoo, please cough up the details that prove this was a state-sponsored actor or admit that your PR crisis-team went too far in their claims.