Cyber security firm: Yahoo hack was not state-sponsored

Cyber security firm InfoArmor has alleged that the Yahoo hack, which compromised the credentials of 500 million users, was not executed by state-sponsored hackers.

This isn’t just a shot in the dark; InfoArmor has conducted research that suggests the hackers were a group of “professional blackhats”.

InfoArmor’s chief information officer, Andrew Komarov, was quoted by Reuters as saying, “[the hackers] have never been hired by anyone to hack Yahoo. They were simply looking for well known sites that had many users.”

So who hacked Yahoo?

It all starts with a distributor known as tessa88. This individual has been seen on a number of forums which cyber criminals frequent. InfoArmor alleges that the first mention of Yahoo credentials being up for sale was made by tessa88.


It’s important to note that tessa88 is unlikely to execute hacks, and more likely acts as a proxy to protect the cyber criminals.

Another proxy, known as Peace_of_Mind, then responded to tessa88, proposing a partnership in exchange for some of tessa88’s data.

At this stage Peace_of_Mind took some of tessa88’s data and posted it for sale on the dark web marketplace, The Real Deal Market. InfoArmor goes on to say that when this happened the relationship between the two proxies began to break down.

When cyber criminals rob cyber criminals

Peace_of_Mind made claims that the data tessa88 was flogging was misleading and falsified. Further to this, tessa88 was banned on a number of forums allegedly for taking 10 bitcoin from “InstallsBuyer” and running.

It was at this stage that Peace_of_Mind put the supposed 200 million Yahoo user accounts up for sale. The cyber security firm points out that the proxy was selling the data dump for 3 bitcoin (R25 396 at time of writing) – a bargain for that amount of data.

After analysing the data in the dump, InfoArmor determined that it was more than likely that the 200 million details were acquired from third-party data leaks, not a Yahoo breach.


So was Yahoo actually breached?

The short answer is yes, but not by tessa88, Peace_of_Mind or the cyber criminals they represent.

The hack appears to have been executed by a group known as Group E, but there is no way of knowing if the data is legitimate because the data dump is not yet available on dark web forums or marketplaces.

A sample of the data suggests that the information is legitimate but, as InfoArmor has made painfully clear, nothing is as it seems.

It’s a lot of information to digest, but the moral of this story is that hackers often claim to have information they don’t.

However, as this Yahoo hack illustrates, even if information turns out to be false, it’s much safer to assume the worst and clamp down on security.

[Image – CC BY SA 2.0 Tnarik Innael]
