2016 was a very difficult year for Yahoo who experienced two separate breaches that affected 500 million users one time and 1 billion users the next. The hackers who managed to steal the details of 1 billion user accounts of the company, according to the New York Times, sold the database data on the Dark Web last August for $300.000.
The information comes from Andrew Komarov, head of the information office at InfoArmor security company. The researcher told NYT that three buyers, including two prominent spammers and another who could participate in regular espionage actions, bought the whole database with 300.000 dollars from a group of hackers believed to be operating from Eastern Europe.
The amount of 300.000 dollars is considered humiliating, for a database containing one billion accounts. This means buyers paid for each 0,0003 cents account of the dollar to hackers.
Please note that in addition to full names, passwords, dates of birth and phone numbers, the database contains security features and creationof backups to email addresses that could help in resetting forgotten passwords.
Of course this data can be used in attacks Phishing which may have exact personal information, and target bank accounts, credit cards, anything else you can imagine.
Komarov told Bloomberg that more than 150.000 US government and military accounts were found in the database, meaning hackers could threaten national security.
Yahoo, on the other hand, said it was unable to confirm Komarov's allegations yet. Meanwhile, the FBI said in a statement that it is investigating the violation.
It will be interesting to see what this revelation will bring to the future of Yahoo, which is preparing to be transferred to a new owner. Verizon up until the announcement of hack offered 4.8 billions to purchase the company.