Security Firm Disputes Yahoo’s Claim of State-Sponsored Hacker Breach

Yahoo’s now-infamous breach that saw 500 million account details stolen was instigated by common cybercriminals rather than state-sponsored hackers, a security company has claimed.

Contrary to Yahoo’s claim that a state-sponsored hacker or party breached its network to steal over 500 million users’ account information, an official from security firm InfoArmor has opined that the hack was the work of cybercriminals.

Andrew Komarov, chief intelligence officer at the security firm, says hackers operating under well-known pseudonyms in the underground community are behind the company’s massive breach.

In a report, Komarov stated:

Yahoo was compromised in 2014 by a group of professional blackhats who were hired to compromise customer databases from a variety of different targeted organizations.

Yahoo unmistakably blamed the breach on a nation-state actor. The claim has met with skepticism from parts of the cybersecurity community. For instance, two people familiar with the still-ongoing investigation within the company told Bloomberg News that the state actor link wasn’t ‘iron-clad.’

According to Komarov, the same hack-for-hire blackhat group is also directly linked to other notable breaches such as those of MySpace, Tumblr and LinkedIn.

The breach is “closed” in nature, according to the security executive. This is due to the “specifics of customers associated with this specific data and the motivations of the bad actors involved,” he wrote.

The data stolen in the breach includes names, e-mail addresses, phone numbers and even unencrypted security questions and answers, which could potentially lead to identity theft if the same security questions and answers are used in other online user accounts.

Meanwhile, Yahoo hasn’t responded with any comment in light of the detailed explanation offered by InfoArmor as to why it believes that the breach was caused by cybercriminals.

Notably, in its original announcement the company did not offer any evidence to back its attribution of the breach to a state actor, pointing to its ongoing investigation.
