Yahoo! data breach likely exceeds 500 million records

 Yahoo! data breach likely exceeds 500 million records

InfoArmor reports that the Best News Mag   Yahoo! data breach likely contains millions more records than the 500-million figure now being bandied about. The number of user records stolen by the various groups involved in this and other recent hacks could total 3.5 billion. The company is also disputing the idea put forth by Yahoo! that a state actor performed the hack; instead, the security firm believes a group of Eastern Europeans is responsible. The records involved in this case were taken in 2014.

Andrew Komarov, InfoArmor CIO, told that the Yahoo! breach easily surpasses the 500 million mark, judging from a sample of several million of the stolen records his company could obtain. Still, he was reticent to put out an exact figure at this time and berated other firms for issuing numbers before the validation process was completed. “We need to validate the data leaks and not trust the words from the threat actors,” he said, adding more time is needed to determine the exact number involved.

Komarov said this also holds when assigning blame for an attack. When news of the breach broke, a state-sponsored group was assumed to be the source. InfoArmor has believed that the report states credit belongs to an Eastern European gang it calls Group E. A state-sponsored group’s only involvement with the attack is that Group E sold part of the Yahoo! data dump to such an organization. At the same time, Komarov said two other sales were made to gangs specializing in spam attacks. About $300,000 was charged for the data in each case.


Because Group E sells to specific customers, it has not posted the Yahoo! database to the web. Instead, it is being sold in pieces through proxies; InfoArmor wrote My Update Web. Michael Lipinski, CISO and chief security strategist at Securonix, told in an email that a true credit determination will be difficult until Yahoo! is more forthcoming. “Unfortunately, we are still speculating since there has been no release of information from Yahoo!” Lipinski said. “Sure, it’s possible that a state actor with ulterior motives contracted with the folks that already had the formula for breaching Yahoo! from work done on LinkedIn, DropBox, and Myspace. That’s a reasonable assumption. Why reinvent the wheel if you don’t have to,” he said.

However, Lipinski is more troubled by Yahoo! ‘s general inaction in responding to the hack. “The lack of discovery of this breach on Yahoo! ‘s part gave whoever took this information exactly what they wanted,” he said. “They had the account information that we now know was crackable. If they had ulterior motives, they had years to benefit from that obtained information and lack of notification to those accounts. That’s my larger concern.”

While the 500-million-plus Yahoo! user records are a massive number, InfoArmor believes the total number of records stolen over the last several years is several times that size. When Group E’s pile of Yahoo!! Data is added to those taken from LinkedIn, Myspace, Dropbox, and other big attacks, and then combined with all the other spells that have taken place, the total number of records compromised is likely in the region of 3.5 billion or about the same number of people who are known to use the internet, Komarov noted. Yahoo! has not yet responded to’s inquiry for further information.

Dennis Bailey

Professional beer geek. Alcohol ninja. Social media scholar. Award-winning twitter fanatic. Writer. Basketball fan, mother of 2, audiophile, Saul Bass fan and communicator, collector, connector, creator. Producing at the sweet spot between simplicity and purpose to create strong, lasting and remarkable design. I'm a designer and this is my work.