Revealed: How Yahoo was hacked

Let's talk about the Yahoo hack. In the digital world, a single click is enough to bring down businesses large and small, or to cause them irreparable damage.

Did you know that Yahoo was not the victim of a complicated attack by a ninja hacker, and that a simple spear-phishing attack was the only weapon used in the biggest data breach in history?

Yes, one of Yahoo's employees fell victim to a simple phishing attack by clicking on a malicious link sent by the hackers. With that click, the hackers gained access to the company's internal networks.

Phishing is used to steal users' names and passwords. Spear-phishing is a targeted form of phishing in which the attackers target employees of the company they want to gain access to, in order to steal their credentials.

Usually, opening a malicious attachment is enough to lose a lot of personal data from the victim's computer. If the victim has also stored access credentials for the systems of the company he works for on that computer, the result is what happened at Yahoo.

The mass theft of Yahoo's data was the result of human error, according to the FBI indictment.

On Wednesday, the US government charged Russian spies (Dmitry Dokuchaev and Igor Sushchin) as well as two hackers (Alexsey Belan and Karim Baratov) over the hack that took place at Yahoo in 2014. That hack leaked about 500 million of the company's user accounts.

The indictment provides plenty of detail about the 2014 hack, and FBI officials recently released new details about how the two Russian Federal Security Service (FSB) officers hired two hackers to gain initial access to Yahoo in early 2014.

Let's see how the hack happened at Yahoo:

The attack began at the beginning of 2014 with a "spear-phishing" e-mail sent to "semi-privileged" Yahoo employees rather than to top executives.

Although it is unclear how many Yahoo employees received the email, it took only one click on the malicious attachment or link to get the attackers into Yahoo's internal networks.

Alexsey Belan, who is already on the FBI's list of Most Wanted hackers, began exploring the network and, according to the FBI, discovered two key elements:

  • Yahoo's User Database (UDB), a database that contained personal information about all Yahoo users.
  • The Account Management Tool, a management tool used to edit the database.

Belan used the File Transfer Protocol (FTP) to download Yahoo's database, which contained names, phone numbers, security questions and answers and, worst of all, password recovery emails and a cryptographic value unique to each Yahoo account.

With the account recovery emails and the unique cryptographic values, Belan and Baratov gained access to the accounts of certain users that the Russian spies Dokuchaev and Sushchin wanted.

Once the accounts were located, the hackers used the stolen cryptographic values, called "nonces", to create forged access cookies for those user accounts, giving the FSB agents access to the users' email accounts without needing a password.

According to the FBI, these cookies, created between 2015 and 2016, gave them access to "more than 6,500 Yahoo accounts."
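Why a stolen per-account nonce is enough to forge a cookie can be shown with a simplified model. This is an added example, not code from the article or from Yahoo: the cookie formats, `SERVER_KEY` and all function names are assumptions made for illustration. It contrasts a cookie derived only from database values with one bound to a key kept outside the database, and shows that rotating the nonce invalidates cookies built from the stolen copy.

```python
import hashlib
import hmac
import secrets

# Simplified, hypothetical model; not Yahoo's actual cookie format.
SERVER_KEY = secrets.token_bytes(32)  # assumed to be kept outside the user database


def new_account(user):
    """Constructed sample database row with a per-account nonce."""
    return {"user": user, "nonce": secrets.token_hex(16)}


def weak_cookie(row):
    """Weak design: the cookie depends only on values stored in the database."""
    digest = hashlib.sha256(f"{row['user']}:{row['nonce']}".encode()).hexdigest()
    return f"{row['user']}:{digest}"


def strong_cookie(row, key):
    """Hardened design: the cookie is a MAC under a key that is not in the database."""
    mac = hmac.new(key, f"{row['user']}:{row['nonce']}".encode(), hashlib.sha256)
    return f"{row['user']}:{mac.hexdigest()}"


def verify(cookie, db, mint):
    """Recompute the expected cookie from the live row; compare in constant time."""
    row = db.get(cookie.split(":", 1)[0])
    return row is not None and hmac.compare_digest(cookie, mint(row))


def rotate_nonce(db, user):
    """Replace the nonce (assumed trigger: a forced password reset)."""
    db[user]["nonce"] = secrets.token_hex(16)


def demo():
    db = {"alice": new_account("alice")}
    stolen = dict(db["alice"])  # copy of the row, standing in for the stolen database
    keyed = lambda row: strong_cookie(row, SERVER_KEY)
    results = {
        "weak_accepted": verify(weak_cookie(stolen), db, weak_cookie),
        "strong_accepted": verify(strong_cookie(stolen, b"not-the-key"), db, keyed),
    }
    rotate_nonce(db, "alice")
    results["weak_after_rotation"] = verify(weak_cookie(stolen), db, weak_cookie)
    return results


if __name__ == "__main__":
    print(demo())
```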

Who the Russian spies were after:

According to the indictment, besides foreign webmail providers, the Russian spies gained access to Yahoo accounts belonging to:

  • An Assistant Deputy Assistant to the President of Russia.
  • An officer in the Russian Ministry of Interior.
  • An instructor working in the Russian Ministry of Sport.
  • Russian journalists.
  • Employees of states bordering on Russia.
  • US government officials.
  • An employee of a Bitcoin wallet company in Switzerland.
  • An employee of a US airline.

FBI Special Agent John Bennett said at a press conference that Yahoo first approached the FBI in 2014 about the hack and that they were "great collaborators" during the investigation.

However, the company announced the hack two years later, in December 2016, telling hundreds of millions of customers to change their passwords.


Written by giorgos
