Database of billion Yahoo accounts sold three times for $300,000

The database containing data of more than a billion accounts, which was stolen from Yahoo in 2013, has been sold three times for $ 300,000, according to a security expert. Two buyers would be known spammers and the third may be an intelligence agency.

Andrew Komarov, chief intelligence officer of security firm InfoArmor, says in an interview with Bloomberg that the account database on the dark web is sold by a group he calls Group E. Komarov says he got his hands on the database in August when a transaction took place. According to the security expert, the database was sold as a set of credentials of “more than five hundred million, up to a billion users.”

The security expert says he witnessed three transactions where the database was sold for $300,000 at a time. Two buyers were known spam groups; a third buyer had a special request and wanted to see if the names of ten government officials and businessmen were on the list before purchasing. Komarov therefore suspects that the third buyer is an intelligence agency. The database was already looted in 2013, and it is not clear what happened to it in the past three years.

Just under two months after Komarov learned of the hack, Yahoo announced that it had been hacked by state hackers in 2014 and disclosed that data from 500 million accounts was on the street. Komarov noted that the details of that hack did not match the database he had accessed. Therefore, he suspected that a second hack had taken place. His company informed several governments in October, who subsequently made inquiries with Yahoo. Komarov says he has not informed Yahoo himself because of the impending acquisition by Verizon. As a result, he had no confidence in a proper settlement.

On Thursday, Yahoo confirmed the second hack, which took place in 2013. Stolen data includes names, email addresses, phone numbers, dates of birth, and in some cases encrypted and unencrypted security questions and answers. In addition, the hashed passwords with md5, which were deemed unsafe, were also stolen.

According to him, the group of hackers, which Komarov has been following for three years, comes from Eastern Europe. The hackers specialize in looting and selling user data. In total, according to Komarov, the group holds data on 3.5 billion accounts, from websites including Dropbox, MySpace and VK.com.