Back in September, Yahoo confirmed a massive data breach that affected at least 500 million users that dated back to 2014. At the time, the company said it suspected a “state-sponsored” actor did it. The U.S. Justice Department has now brought charges against two Russian intelligence agents, as well as two accused co-conspirators, in connection to the hack attack.
A California grand jury indicted two officers of the Russian Federal Security Service (FSB) and two others dubbed "criminal hackers" for computer hacking, economic espionage, and other criminal offenses in connection with an alleged conspiracy to access Yahoo’s network and the contents of webmail accounts, the DOJ announced Wednesday.
Three of the defendants are Russian nationals and residents, one is a Canadian and Kazakh national and a resident of Canada. The two FSB officer defendants “protected, directed, facilitated, and paid criminal hackers to collect information through computer intrusions in the U.S. and elsewhere,” the indictment reads.
The defendants are accused of using unauthorized access to Yahoo’s systems to steal information from at least half a billion Yahoo accounts, and then wielding some of the information they stole to “obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, U.S. and Russian government officials and private-sector employees of financial, transportation and other companies.”
Related Stories From Consumer Reports
- Want to Dump Your Yahoo Email? Here's How
- Yahoo's Biggest Data Hack: What You Should Do Now
- Yahoo Data Breach: Stolen Passwords Were Encrypted, but That Doesn't Mean Users Are Safe
- CR's Guide to Online Security
- CR's Guide to Privacy
The U.S. claims that one of the defendants used his access to the Yahoo network for personal financial gain, by searching through emails for credit card and gift account numbers, allegedly redirecting a subset of Yahoo search engine web traffic in order to make commissions, while enabling the theft of contacts of "at least" 30 million Yahoo accounts to facilitate a spam campaign.
"The United States will vigorously investigate and prosecute the people behind such attacks to the fullest extent of the law," said U.S. Attorney General Jeff Sessions.
The fallout from this Yahoo hack—as well as another attack that may have occurred between 2015 and 2016—has translated to a $350 million cut off Verizon’s initial offer to buy the struggling internet company.
Copyright © 2005-2017 Consumers Union of U.S., Inc. No reproduction, in whole or in part, without written permission. Consumer Reports has no relationship with any advertisers on this site.