Yahoo acknowledged yesterday that hackers breached its systems and stole approximately 1 billion accounts, and now it turns out that the full database is available for purchase online.
The NYT writes that the 1 billion accounts that were stolen from Yahoo were sold on the Dark Web in August for $300,000 and what’s worse is that there were three different buyers who agreed to pay the price to gain control of the database.
Andrew Komarov, chief intelligence office at security firm InfoArmor, said two of the buyers were “prominent spammers,” while the third is believed to be involved in espionage attacks and might be planning to use the 1 billion accounts for similar tactics.
The price of the database, however, is believed to have dropped substantially after the story went public and Yahoo triggered a password reset, so interested buyers might have to pay only $20,000 for the full database.
It’s believed that the hacker group that breached Yahoo is based in Eastern Europe, but the company said it still doesn’t know if this is accurate or not. The firm, however, confirmed that the stolen information included names, passwords, phone numbers, security questions and answers, which obviously creates additional risks in case the same credentials were used on other websites.
And this doesn’t stop here. According to the same report, the accounts included approximately 150,000 US government and military employees, which means that their data is now available on the Dark Web. It goes without saying that officials from other countries are very likely to be among those whose accounts got hacked.